Tuesday, December 13, 2011

Google Wallet stores too much unencrypted data in a rooted device--report


image from itgawker.com
CNET:  Google Wallet does a good job of storing passwords but doesn't encrypt the entire credit card number, balance, and other information, a research firm said today after testing the application on a rooted device.
Data that is stored on the device in various SQLite databases in unencrypted form also includes name on the card, the last four digits of the credit card, card limit, expiration date, transaction dates, and locations, ViaForensics said in a report titled "Forensic security analysis of Google Wallet."
In addition, the application created a recoverable image of a credit card that could provide fodder for a social engineering attack, according to the report, which was a high-level analysis of Google Wallet--"the first real payment system leveraging NFC [near field communication] on Android."

ViaForensics gives a report card of sorts to Google Wallet, noting that it securely stores passwords but doesn't encrypt other data that could be used in a social engineering attack.
ViaForensics gives a report card of sorts to Google Wallet, noting that it securely stores passwords but doesn't encrypt other data that could be used in a social engineering attack.
(Credit: ViaForensics)

Disqus for ePayment News