Google Wallet: perfection is yet to come
In the rivalry between QR codes and Near Field Communication Google has already chosen the winner. Google has created Google Wallet, which is based on the NFC technology.
Google wallet is a payment system, which enables users to operate their credit cards, debit cards, loyalty cards and bonus vouchers.
In May 2011 Google introduced new app for Google Wallet. Now your wallet is in your smartphone. You can use it at any store or cafe or even petrol station where NFC device is implemented. Google claimed to break people’s stereotypes about how regular wallet should look like.
In the beginning of its development Google Wallet, however, had some significant flaws.
First and foremost problem, which Google Wallet had, was its security. To protect all transmitted data during the mobile transaction Security Element is used. SE - a card with microchip - is a storage with ciphered information (credit card numbers, etc.), which is sent every time when the device interacts with the terminal. SE is the core element of the security system of NFC payments. Only 4-digit PIN protects Security Element from being cracked.
Soon after Google Wallet launching, it was cracked by Joshua Rubin, senior engineer at Zvelo. In his blog, Rubin described step-by-step the way how anyone can crack Google Wallet. Rubin used brute force to crack PIN code. As Google Wallet’s PIN consists of 4 digits, so there are not so many combinations (only 10 000 hashes) you need to try to crack it. Cracking such PIN codes is mediocre task even for such not very powerful platforms as a smartphone.
There appeared other possibilities how you can crack or change Google Wallet’s PIN. This fact is not very pleasant, as well as the fact that NFC devices at points of sales remember all data transmitted from the cell phone.
Soon after Google was reported about all security problems, they began troubleshooting campaign. Google hasn’t eliminated all errors, but offered several ways you can raise your cell phone protection.
- First of all, you need to to have full disk encryption.
- Secondly, it is recommended to always have the latest software updates on your device.
- It was mentioned as well that this hacking was performed from the “rooted” Android device. It is better to operate Google Wallet from the “non-rooted” device, as security protection is higher on the latter.
- And last but not the least, smartphone should have screen lock, as an additional security layer.
Other imperfections of Google Wallet is that this system hasn’t yet gained popularity. To begin with only using CitiBank Mastercard was possible to make successful transaction. Other cards were not accepted mostly. Besides Google Wallet is compatible with not so many devices currently (see Eligible Devices).
Google solved these issues partially by going to the cloud. Recently launched cloud-based Google Wallet application supports most of credit and debit cards such as Visa, American Express, and Discover. Besides, this cloud-based app allows users to store all necessary card information not in the secure storage on cell phone but on highly protected Google servers.
What is more, with this new technology, Google Wallet is much more secure for lost or stolen smartphones. Now users can disable access to their Wallet remotely using an online portal.
There is still a lot of work ahead of Google Wallet. However, this technology is going to have a great future.