Updated 12/13/2011 3:48:28 PM ET

Google Wallet stores an unnecessary and troubling amount of its customers' financial data in unencrypted files, according to a study from the security firm ViaForensics.

Analyzing a rooted phone, which gave him privileged control of the device, ViaForensics chief investigative officer Andrew Hoog was able to access the credit card holder's name, balance, limits and expiration date, as well as dates and locations of transactions made using Google Wallet.

Unveiled in May, Google Wallet allows people to link their smartphones to their bank accounts, and then tap their phones at stores' point-of-sale terminals. Making use of NFC (near-field communication) technology, Google Wallet sends short-range wireless signals from the phone (which stores the financial data) to the checkout terminal.

Google Wallet is offered on Android-based Nexus S devices, which have a built-in NFC chip. Hoog studied the program using a Sprint Nexus S phone tied to a Citibank MasterCard.

In addition to the balance on the account, Hoog said Google Wallet also insecurely stored the type of credit card and the Gmail account used for the Wallet. And although Google Wallet encrypted the first 12 digits of the 16-digit credit card number, it did not safely store the final four; not only was Hoog able to see the last four digits of the MasterCard number, but he could also see its expiration date, data that could be invaluable for an identity thief or scammer.

"Many consumers would not find it acceptable if people knew their credit card balance or limits," Hoog wrote. "Further, the ability to use this data in a social engineering attack against the consumer directly or a provider is pretty high. For example, if I know your name, when you've used your card recently, last 4 digits and expiration date, I'm pretty confident I could use the information to my advantage."

© 2012 SecurityNewsDaily. All rights reserved

