Google Wallet Found Vulnerable, User ID Exposed

by anonymous on 2012-02-15 00:37:01

Customers can pay by waving their mobile phones at checkout terminals, without using credit cards. This kind of mobile payment service has been introduced in countries like Japan, but it is just beginning to take off in the United States. The Google Wallet service is currently available on phones sold by Sprint. Verizon Wireless, AT&T and T-Mobile USA previously jointly created the NFC mobile payment company Isis. The company will launch a product to compete with Google Wallet, but the exact launch time has not been announced yet.

The vulnerability in Google Wallet was discovered by Joshua Rubin, a senior engineer at information security company zvelo. Rubin developed a cracking application called Wallet Cracker, which he claims can obtain the four-digit PIN required to open the Google Wallet application. He demonstrated the specific cracking process via a video on his blog.

Rubin stated that he had informed Google of his findings, and that Google responded by confirming the issue and agreeing to resolve it quickly. Jay Nancarrow, a Google spokesperson, said in an emailed statement, "We are working to resolve this issue." At the same time, he questioned Rubin's investigation, saying, "zvelo's research was conducted on their own phone, where they disabled the security mechanisms protecting Google Wallet by gaining root access."

Nancarrow also advised people not to install Google Wallet on devices on which root access has been obtained, and to set a screen lock password for additional protection. A representative from Sprint, Shang Yicai, did not respond on the matter.

Google Wallet partners also include Citigroup and payment network MasterCard. Emily Collins, a spokeswoman for Citigroup, stated that cardholder information from Citigroup is not stored in Google Wallet, and cardholders are not liable for unauthorized transactions.