Sophos Cloud Optix
Google has announced, to some fanfare, what it hopes will be a revolution in the way we pay for things: Google Wallet.
Google Wallet is a smartphone app (currently only available for the Nexus S 4G Android phone) that aims to replace your credit cards.
It works like this. You go to a store (let’s imagine it’s a coffee shop), the barista hands you your steaming skinny caramel macchiato and a toasted onion bagel with low fat cream cheese and bacon, and rather than give them your credit card or reach into your pocket for some coins, you..
* take out your smartphone
* unlock it
* run the Google Wallet app
* enter the PIN for your Google Wallet app
* swipe your smartphone against the coffee shop’s pay point.
How convenient!
The Google Wallet app uses NFC (near-field communications) technology in your smartphone to wirelessly debit the credit card you have linked with the application.
Here’s a video that Google has produced describing Google Wallet.
Human nature being what it is, some people will be nervous of adopting this kind of technology to pay for goods. Just remember how long it took for some people to switch to using credit cards.
The PIN
It looks like Google recognises that some people will be fearful, and is keen for potential users to know that the Google Wallet app is protected by a four digit PIN.
Unless the PIN is entered, the NFC antenna is switched off – meaning that you can’t make any purchases. Similarly when the phone’s screen is switched off, the NFC antenna is disabled.
The Google Wallet app insists that you re-enter your PIN every five minutes by default – something that I suspect many users will find irritating, and will change to a longer time period for more convenience and less security.
Another concern I have, though, is whether users will choose sensible PINs to protect their Google Wallet.
When you’re waiting to slurp your steaming skinny caramel macchiato and munch on your toasted onion bagel with low fat cream cheese and bacon, will you be entering a PIN code that is convenient or one that is more secure?
Research published earlier this year, revealed the top 10 passcodes that iPhone owners use to protect their devices and we have to assume that Google Wallet users will be just as laissez-faire when choosing a PIN.
We already know that 67% of consumers don’t have any form of password on their mobile phones.
It’s hard to imagine that all users are going to choose a PIN code for their Google Wallet which is hard to crack, let alone different from the one which they should be using to protect all the rest of their smartphone.
So, if you lose your smartphone and have not chosen a sensible PIN code both for the device and a different one for your Google Wallet then there may be opportunities for criminals to take advantage.
Update: PC Magazine’s @MarkHachman got in touch with me to point out that you get five chances to enter the correct four-digit PIN and after that “the phone’s secure element is wiped clean”. That sounds like a good way of defending against a brute force attack against the PIN, but I wonder if the threat of having their Google Wallet disabled will actually encourage users to choose potentially risky easy-to-remember PINs or simply use the same PIN that they use for the phone as a whole.
Don’t throw away your wallet just yet
I don’t want to rain on the parade entirely, however. It’s not Google’s fault that people might choose dumb obvious PINs or use the same PIN code for their digital wallet as for the device itself (although Google might do some work to reduce the likelihood of those happening, or give an option for longer pass codes).
Update: Google has told PC Magazine reporter @sarapyin that Google Wallet “rejects ‘obvious’ PINs”. If that’s the case then we should welcome that news, but I still think it would be a positive step if Google Wallet offered the option of longer pass codes and/or more than just a numeric key for your wallet.
We may be a long way off throwing away our physical wallets entirely – as folks still like to carry around their receipts, driving license, business cards and some old fashioned bank notes – but we will see mobile devices being used more and more for commerce.
It’s going to take some years for merchants to invest in the hardware to provide support for Google Wallet, and some may prefer to wait and see how the market plays out and if a rival option becomes more popular.
Always have a backup
I have one piece of advice though, which will probably hold true for many years to come. Think about this. What happens when your smartphone runs out of juice?
You won’t be able to open your Google Wallet app to pay for the late night train ride home if the battery is flat. Then you’ll be rueing not having a real credit card in your pocket or a couple of notes hidden in the sole of your shoes.
* take out your smartphone
* unlock it
* run the Google Wallet app
* enter the PIN for your Google Wallet app
* swipe your smartphone against the coffee shop's pay point.
And what's the alternative?
* take out your wallet
* take your card out
* put it into the chip and pin machine
* enter PIN, wait for the process to finalise, receipt to print etc etc
It's so that google can make more of a profit. Greedy cows..
So when credit card companies do it, its okay?
* take out your smartphone
* unlock it
* run the Google Wallet app
* enter the PIN for your Google Wallet app
* swipe your smartphone against the coffee shop's pay point.
What's the alternative?
* Take out a £10 note and give it to the checkout person
* Get your change and whatever item you bought
* Sorted
It's why most of us use cash.
In any case, the traditional credit card alternative is shorther, especially when you should add to the smartphone: "wait for the process to finalise, receipt to print, etc etc" just as in the case of the credit card ,and "turn off your wallet app".
Google try is great in the sense of adding a new potential functionality to smartphones but its use is far from being adopted in the short time. Lots of work must be done so as it becomes a real alternative to credit cards.
The convenience is more in the fact that you don't even need to carry around a wallet, rather than how you pay for something. With all these kids (and some fashion conscious men) wearing these skinny-leg jeans now, pocket space is expensive
Wow, its really amazing. Google is trying really very good products. I always uses this website for latest techno news. Thanx very much sophos.
(Note to self: When visiting Sophos next time, steal Mr. Cluley's shoes. )
On topic: It's going to be quite a few years before I am willing to use my Smartphone as a credit card, but I've no doubt it will be a payment standard soon enough. Before I trust it though, I'd like more thorough authentication methods available than a simple pin code combination.
People who pick poor passwords on their phone are probably the same people who pick poor ATM PINs for their actual credit card.
It's still two-factor authentication, the 'something you know' is now just entered into the phone as compared to the merchant's PIN pad.
So a small radio signal is all that is required for payment?
Great all it takes is for another device to read and copy the signal to send to other devices and congrats you just got fraud on your account!
I imagine it'll be a two-way communication, challenge and response with PKI etc, not the same signal that can just be copied and pasted. Certificates can be revoked too, so it's quite secure, but all they need is your PIN.
All this PKI, cryptography and authentication stuff is all very pretty (which is why I study it), but does it still protect the information if the device is mislaid/stolen? Does it use a publicly-known and open source cryptosystem, or a proprietary one with flaws we don't know about yet?
Do you know something called "Encryption"? What about wireless pin machines? Same stuff, and they work with the easily cracked WiFi… -_-
So now if you lose your phone, you're even more screwed? It's bad enough that nobody remembers anyone's phone number any more, but now being unable to pay for things as well?
Yes and if you lose your wallet you're screwed too (correction: even more screwed). What's the difference?
Harder to lose two things than one thing. At least if I lose my wallet, I still have my phone. With this, it takes one lapse in concentration (which DOES happen) and you're left with no recourse, no ID, no method of contacting anyone else. At least having one left over means you can do *something* about it.
Hahaha sure thing man. Why don't you just get 10 different wallets, and keep your ID in one, your ATM card in another, your cash in another, your credit cards each in their own… then you'll be uber secure!
If I lose my phone I'll borrow someone else's or walk to the customer service desk, make ONE phone call (yes Google has live customer support for Wallet), and my Wallet is locked. If I lose my physical wallet, I have to try to remember all the cards I had in it, somehow figure out the 1-800 number to deactivate each one, kiss whatever cash I had goodbye, etc.
That said… if you feel more secure having a separate phone and wallet, go for it. I love the idea of having all my payment methods, loyalty cards, coupons, etc. in one virtual place that's secure, accessible from multiple devices, and convenient.
Okay these 'top 10 passwords' things are misleading and you guys really need to stop using them. Obviously the top ten passwords are all going to be terrible, easily guessed things. That's the only type of password that will be common! All the people with good passwords will have DIFFERENT good passwords.
The only relevant statistic is what percentage of people are using these bad common passwords. Not which bad passwords are the most common. There are many good passwords but only a few bad ones, so crying, "look, more people use 'password' as their password than anything else!" is really telling us less that it appears.
The research indicates that 15% of all iPhone owners use one of just ten passcodes on their lock screen.
I think that's worth warning people about, right?
Graham:
Google Wallet locks down the Wallet application after five mistyped PINs. It then requires a phone call to Money Network to get a new PIN, where you'll have to produce proof of ID, including name, address, SSN, and other info. Fail that, and you have to provide written proof.
Granted, you shouldn't use a common PIN, but there are other protections in Wallet that Google hasn't publicized and I guess others haven't asked about. (And I'm not trying to argue that this stuff isn't foolproof, either.)
(See the second page for the security stuff.)
http://www.pcmag.com/article2/0,2817,2393185,00.a…
Thanks Mark – I've incorporated some of your comments and your link in an update to the article above.
I do wonder if the five-tries-and-youre-out might actually encourage folks to use *simpler* PINs however… which would be a shame.
I would love to see metrics around password strength when there is a device wipe or a lock out like this that takes a little bit of effort to fix.
This is a challenge I think many security professionals fight daily – that a device wipe is a strong enough control to compensate for weak password.
Yes, I agree, but you're missing my point. If you look at the percentage of people with bad (easily guessed) passwords, whether that percentage is 50% or 1%, the top ten passwords are _still_ going to be bad ones. That's because everybody who has a good password has a different good password to everybody else.
The infographic in this article doesn't even show those relevant percentages. We're supposed to just look at the bar graph and see that the most common password is 1234. Of course it is! It is always going to be! Unless _absolutely everybody_ is using a good password (and that's very unlikely), the most common password will always be a bad one, because _each individual_ good password will be uncommon.
More Google Wallet hands-on research:
Google Wallet shuts down Wallet after five (technically it’s six attempts).
After three wrong attempts, it locks you out for three minutes.
After four wrong attempts, it locks you out for six minutes.
After five, it locks you out for nine minutes.
After that, you’re required to call Money Network (which administers Wallet) and give them proof of ID (name, address, SSN, etc.) It might be possible to pull at least some of this stuff from the phone’s Gmail account. But since I don’t have access to the main account info (my Wallet is loaded with my money, but it’s a demo Google account) I can’t say what they ask for. Or, to be clear, I’m not willing to try, since I’ll clearly fail. 🙂
Good additional info Mark. Thanks!
And how mean of Google to make you test with your own money! 😉 You'd think they could spare a nickel or two…
Graham I'm guessing you haven't actually used the Wallet app have you? You don't have to specifically start the Wallet app, just wave your phone near the reader and it pops up automatically. In practice it's at least as fast as using a plastic card, except for the PIN part.
And yes lots of people choose easy to guess PINs but so what? Plastic credit cards have NO PIN whatsoever. At least it's one more hurdle. If I lose my wallet and someone finds it, they can instantly use my cards. What's worse, I have to remember the 1-800 number for EVERY different card I have and call them to de-activate it.
Another hacker employer. Not will the wallet be hacked, but how soon?
I see this as an interim step in so far as the mass uptake will never happen overnight. Think how Steve Jobs introduced us to the touch screen navigation – first iPhone revolution followed by more and more subtle refinements until – ta da the ipad.
The NFC is the next step IMHO but we need to have secure and personal wifi connections to trust our payment info.
I don't understand the rationale behind this question:
"When you're waiting to slurp your steaming skinny caramel macchiato and munch on your toasted onion bagel with low fat cream cheese and bacon, will you be entering a PIN code that is convenient or one that is more secure?"
Given that all pin codes need to be 4 digits long, why would a "bad" pin be more convenient than a "good" pin?
In short, why is "1234" more convenient than, say, "1872" ?
I was trying to suggest "convenient for the user to remember"
Like 1234, 1111, or the same PIN code they use to lock their phone or for the ATM machine.
Sorry if that didn't come across.
It sounds amazing, but isn't their a huge security risk with allowing a mobile phone access to your account, hackers comes to mind. …….
They do this all the time in Japan so it’s not a huge issue in terms of security. The bigger issue here is Google controlling your payment methods. In the ideal situation you can load up your existing credit cards to the wallet application, then choose which you want to use for payment. That makes it truly a “wallet” rather than just a new payment device. The author didn’t get into those type of details, the interesting ones, like can you use for example Dwollah which is ACH, can you use debit card from your local bank, can you use American Express, can you use your favorite credit card which gives 1% back. Making NFC payments from a tap reader is absolutely simple and not even interesting, it is what type of payment options that is interesting. I heard they only offer one card, a crummy Citi card, on these “wallets” which raises all kinds of problems with Google being evil. Perhaps Google now gets your 1%, instead of you. No company should control access to the NFC interface, it prevents anyone from innovating. Google is truly becoming evil.