This is why they should have put NFC in the iPhone Edit: Google Security Trouble

[tigress666]

Not necessary to do that. In order to use it, the app has to be unlocked with a pin. That's more secure than checking an ID against a physical card. So in essence it's no different than them not checking ID when you use your card as debit (since they assume since you know the pin it's your card). NFC is much more secure than a physical card.

Note: You didn't see a pin entered on the app in the video because I set the app to stay unlocked for 30 minutes after pin entry (didn't want to be entering a pin on camera).

And this is why it won't get widespread use until people are forced to (do you really have to enter a pin in first? I personally like that, don't get me wrong, but i work retail and you'd be amazed how lazy people are).

People don't like having to remember a number, that's too much work. Why do you think the credit card companies (unless forced) just want to use signatures? Because it's quick and easy and painless for people. Hell, they are making it more painless for under 25 you don't even need to sign. And the credit card companies are in the business of convincing you to use your card as much as possible. So they always are going for whatever is the path of least resistance to allow people to do.

I see so many people who don't bother to remember their pin (They just use their debit like a credit card) or who get pissed off at having to remember a pin. Hell, if they haven't signed their card and I ask for ID I get lots of grumbling about that (just for the few seconds it takes to get an ID out).

Don't get me wrong, I personally would like the US to go the way of England, where everyone uses a pin for their credit card (the CC companies don't though). I just think looking at the general populace, you won't make a technology popular if it involves them having to remember a pin when they can just take out their CC and swipe it.

 

[mysterioustko]

And this is why it won't get widespread use until people are forced to (do you really have to enter a pin in first? I personally like that, don't get me wrong, but i work retail and you'd be amazed how lazy people are).

People don't like having to remember a number, that's too much work. Why do you think the credit card companies (unless forced) just want to use signatures? Because it's quick and easy and painless for people. Hell, they are making it more painless for under 25 you don't even need to sign. And the credit card companies are in the business of convincing you to use your card as much as possible. So they always are going for whatever is the path of least resistance to allow people to do.

I see so many people who don't bother to remember their pin (They just use their debit like a credit card) or who get pissed off at having to remember a pin. Hell, if they haven't signed their card and I ask for ID I get lots of grumbling about that (just for the few seconds it takes to get an ID out).

Don't get me wrong, I personally would like the US to go the way of England, where everyone uses a pin for their credit card (the CC companies don't though). I just think looking at the general populace, you won't make a technology popular if it involves them having to remember a pin when they can just take out their CC and swipe it.

I get what you're saying but at the same time there is a large number of people who pin lock their phones (for various reasons). So I'm not sure having a pin would really deter people form using it. I do agree that many people are incredibly lazy though so there's no telling how it will be received. One thing though that I think will be a good thing that will draw people to using NFC is when they are able to use their phones for other nfc things, such as bus passes, entry into their office buildings, etc. BTW they are actually already working on those things too.

 

[rjohnstone]

Update:
I guess there's trouble in paradise lol
http://thesmartphonechamp.com/security-flaw-found-in-google-wallet/

Two things must occur for the exploit to work.
1.) You must have your phone rooted BEFORE you set up your Google Wallet PIN.
2.) The person hacking the PIN must be in physical possession of the phone.

Rooting the phone AFTER a PIN is set wipes the PIN data.

http://briefmobile.com/google-wallet-security-flaw-exposed-only-effects-rooted-devices

The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.

Basically it's a non-issue for typical users.

 

[BearerOBadNews]

Two things must occur for the exploit to work.
1.) You must have your phone rooted BEFORE you set up your Google Wallet PIN.
2.) The person hacking the PIN must be in physical possession of the phone.

Rooting the phone AFTER a PIN is set wipes the PIN data.

http://briefmobile.com/google-wallet-security-flaw-exposed-only-effects-rooted-devices



Basically it's a non-issue for typical users.

You obviously didn't read the link. Here is a different one that will make it more clear for you. Root isn't necessary for someone to gain access to your Google Wallet account.

 

[diamond.g]

You obviously didn't read the link. Here is a different one that will make it more clear for you. Root isn't necessary for someone to gain access to your Google Wallet account.

It seems like they need physical access though correct?

 

[lordofthereef]

It seems like they need physical access though correct?

Yes, they do. Still, this was really my personal concern from the getgo. "Losing your phone = losing your entire wallet" currently. Certainly not a good thing. That said, I would notice my phone was lost far sooner than my wallet.

 

[cynics]

I suggest reading the actual article that link was spawned from

http://viaforensics.com/mobile-security/forensics-security-analysis-google-wallet.html

Gw isn't as vulnerable as that original link makes it appear to be. Brute force attack can only be done on a rooted device and since rooting requires a full wipe it's not that big of a deal.

Resetting the device to enter a new pin will give people access to your GOOGLE PREPAID CARD. Not to be confused with your credit cards.

All this is in the original link.

 

[lordofthereef]

I suggest reading the actual article that link was spawned from

http://viaforensics.com/mobile-security/forensics-security-analysis-google-wallet.html

Gw isn't as vulnerable as that original link makes it appear to be. Brute force attack can only be done on a rooted device and since rooting requires a full wipe it's not that big of a deal.

Resetting the device to enter a new pin will give people access to your GOOGLE PREPAID CARD. Not to be confused with your credit cards.

All this is in the original link.

Perhaps it's not a big deal as what people are making it seem, but it is certainly a bigger deal than I personally think it should be.

 

[cynics]

Perhaps it's not a big deal as what people are making it seem, but it is certainly a bigger deal than I personally think it should be.

Very true. I won't say identity theft is ever an insignificant problem!

However I think a good enough hacker can take any smartphone and peal your life off it.

Someone gets my iPhone somehow hacks a couple passwords and they are into my amazon account.

Personally what I've done is have identity theft protection via my credit cards and insurance. They will reimburse me and fix my credit score. So I try to stay secure but if something does happen at least I have the peace of mind it won't totally destroy my finances.