A security flaw has prompted Google to suspend the functionality of prepaid credit cards linked to its mobile wallet product. The flaw, revealed last week by an anonymous blogger, allows an unauthorized user of an Android phone to access the balances on said cards simply by going into the phone’s settings and clearing out all data for Google Wallet.
“We took this step as a precaution until we issue a permanent fix soon,” Vice President for Google Wallet and Payments Osama Bedier wrote in a company blog.
Granted, the phone has to be physically accessed for the flaw to be exploited, but it is still a serious concern and another black eye for Google. Days earlier, a security firm reported that it had been able to crack the Google Wallet PIN with a simple brute-force attack because, for some inexplicable reason, Google programmed the app to save the PIN in an Android phone database instead of in the much more appropriate “secure element,” a piece of hardware in the phone that is nearly impossible to compromise.
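Why the storage location matters, as an added example that is not from the original article or from Google's code: a constructed model comparing a PIN record readable from an app database with a verifier that keeps the record internal and counts failures. The 4-digit PIN, the salted SHA-256 record format, the 5-try limit and all names here are assumptions made for the illustration.

```python
import hashlib
import hmac

PIN_SPACE = [f"{n:04d}" for n in range(10_000)]  # assumption: 4-digit PIN

def pin_record(pin: str, salt: bytes) -> bytes:
    # Assumed record format for this model: salted SHA-256 of the PIN.
    return hashlib.sha256(salt + pin.encode()).digest()

def recover_from_record(salt: bytes, record: bytes):
    """Software-stored case: anyone who can read the record can test every
    candidate, because nothing counts or limits the comparisons."""
    for tries, candidate in enumerate(PIN_SPACE, start=1):
        if hmac.compare_digest(pin_record(candidate, salt), record):
            return candidate, tries
    return None, len(PIN_SPACE)

class AttemptLimitedVerifier:
    """Hardware-backed case (modelled): the record never leaves the object
    and a retry counter locks it after max_tries consecutive failures."""
    def __init__(self, pin: str, salt: bytes, max_tries: int = 5):
        self._salt, self._record = salt, pin_record(pin, salt)
        self._max = self._left = max_tries

    def verify(self, candidate: str) -> bool:
        if self._left == 0:
            raise PermissionError("verifier locked")
        if hmac.compare_digest(pin_record(candidate, self._salt), self._record):
            self._left = self._max  # success resets the counter
            return True
        self._left -= 1
        return False

def guess_through_verifier(verifier: AttemptLimitedVerifier):
    """Same enumeration, but every guess must pass through verify()."""
    tries = 0
    for candidate in PIN_SPACE:
        try:
            ok = verifier.verify(candidate)
        except PermissionError:
            return None, tries  # locked out: the search stops here
        tries += 1
        if ok:
            return candidate, tries
    return None, tries

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    print(recover_from_record(salt, pin_record("7391", salt)))
    print(guess_through_verifier(AttemptLimitedVerifier("7391", salt)))
```

With the record readable, the whole PIN space is covered in at most 10,000 comparisons; behind the counter, the same enumeration ends after five guesses.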
Google needs to clean up its security act quickly. People expect better from the company that brought them Android.