Atleast im part of one 0.01%.

/paypal sucks

Who didn't see this coming.
Early days of NFC, bound to be some pain.

I already have a service like Google Wallet.

It's called the bank.

nrw: If you put money in your wallet, dont lose your wallet. If you put money on your phone, dont lose your phone. Im not exactly sure what the exploit part of this is.

The exploit is that people have things lost and stolen all of the time. ATM cards are relatively secure... one would expect Google to be at least as secure as any ancient technology.

/Of course this won't be an issue for anyone living in mom's basement and hasn't seen sunlight in decades

digistil: nrw: If you put money in your wallet, dont lose your wallet. If you put money on your phone, dont lose your phone. Im not exactly sure what the exploit part of this is.

The exploit is that people have things lost and stolen all of the time. ATM cards are relatively secure... one would expect Google to be at least as secure as any ancient technology.

/Of course this won't be an issue for anyone living in mom's basement and hasn't seen sunlight in decades

I've had various cell phones since some time in high school. For me, that's about 10 years ago. Funny thing is, over those 10 years, I've never lost my cellphone. I've lost my wallet once, but never my phone.

So if you lose your phone (without it being secured), and the person knows to check GWallet, and the person knows the exploit, that they can access whatever money you had in the wallet itself -- not your CCs that you had in there because that gets wiped, just the basic wallet.

Which should have no money in it anyway, since you're paying directly from the CC more often then not.

So you lose a $400-600 phone, and MAYBE a few bucks... Priorities much?

Subby, I don't think I can get even .01% of me to panic. You'll be lucky to get .0001%. And that's probably a rounding error.

Great article on Dark Reading about security practices in app development. Basically dudes want to ship code and don't have time to give a rat's arse about security. There is no SDL so you get people doing rubbish implementations of encryption (or in the case of Google Wallet - storing your fricking CC data in plaintext).

The best bit is with Android being all free and open source, Google has no liability.

GranoblasticMan: digistil: nrw: If you put money in your wallet, dont lose your wallet. If you put money on your phone, dont lose your phone. Im not exactly sure what the exploit part of this is.

The exploit is that people have things lost and stolen all of the time. ATM cards are relatively secure... one would expect Google to be at least as secure as any ancient technology.

/Of course this won't be an issue for anyone living in mom's basement and hasn't seen sunlight in decades

I've had various cell phones since some time in high school. For me, that's about 10 years ago. Funny thing is, over those 10 years, I've never lost my cellphone. I've lost my wallet once, but never my phone.

What's your point? That you're due to lose your cell phone?

nrw: If you put money in your wallet, dont lose your wallet. If you put money on your phone, dont lose your phone. Im not exactly sure what the exploit part of this is.

I think the main fear is that the more you load on to a single device the easier it is to either forget that device or, more commonly, that a mugger or other scrote can get the item off you and make off with well... everything.

As it currently stands you can skim a contactless card without too much effort, I'd be dubious about this system being any more secure than those; plus you can't throw it in a faraday cage wallet like you can those cards as... it's also your phone.

Identifying an exploit =/= hacked

Bad subby.

'Hack': Your car may be stolen if someone gets a hold of the keys.
Fix: Don't lose your keys you idiot.

'Hack': Your phone's information may be stolen if you lose it.
Fix: Don't lose your phone you idiot.

If you lose your cell phone, you call your cell phone company and have them deactivate the phone. The phone can no longer access your funds in Google Wallet, and is essentially a brick.

If you lose your wallet, you have to call your bank and all your credit card companies to deactivate the cards. And they have all your cash.

Larry Mahnken: If you lose your cell phone, you call your cell phone company and have them deactivate the phone. The phone can no longer access your funds in Google Wallet, and is essentially a brick.

You can, usually, spoof IMEI numbers on a phone and it magically jumps back up and starts working. I had the, misfortune, of spending several hours around some chavs who were loudly and enthusiastically telling me about their stolen iPhone 4S's and where, exactly, they'd gone to have them reactivated.

Unless the phone destroys its internals when told "you've been stolen" I would want to know what happens when a 'brick' which could previously access someones Google Wallet gets a spanky new IMEI shoved on it.

Larry Mahnken: ...

P.S. Most people don't realise a bricked phone still has functional radios, it's just had it's version of a MAC address blocked. It'll join a WiFi network and so on until you spoof a new IMEI at which point it's back to fully functional.

I want to see the looks on a chavs face when 'his' new phone literally destroys its radios, sd card & slot and burns the picture of someone giving them the finger on to the screen.

So you install one of many, free apps that can remotely wipe your phone by SMS or by the internet.

/non-issue

Another half-baked Google product.....I am absolutely shocked by this, absolutely shocked.

I still enjoy their fully baked products.