Looking Into Google Wallet’s Security Setup

Google just announced its new near field communication payment service, Google Wallet. We’ve looked at Google’s NFC service and security before, but at that time the details were still scarce. Now we’ve gotten a better look at what lies within Google Wallet. It’s part service, part hardware, and part app.

The Service
Google Wallet is a variation of the usual “tap and pay” NFC payment service: instead of using your PayPass credit or debit card, you use your Nexus S smartphone at the cash register. By partnering with MasterCard, Google gets access to the former’s network and the large number of stores and businesses that have PayPass readers installed. This is usually the safest part of the system, with the credit card processor maintaining the Payment Card Industry Data Security Standard (PCI-DSS). You’re more likely to be hit by a crook who brushes by you with an RFID reader to steal your credentials or transmit them to a fake RFID card (called a ghost and leech attack).

The Hardware
Currently only one phone is supported, the Nexus S (on the Sprint mobile network). A Citi MasterCard or Google’s own prepaid card is required to use the NFC hardware built into the phone. Your credit card credentials (and eventually your coupons and loyalty cards) are stored in a “secure element” (the NXP PN65K chip). The chip uses cryptography (PKI and Triple-DES) and memory protection to ensure that criminals will find it very difficult to extract your credit card information. The “secure element” is not your only protection; it also interacts with the Google Wallet app to prevent easy theft.

The App
The Google Wallet app plays a role in storing and accessing your credit card information from the “secure element”. Unlike with your credit cards, you need to enter a PIN to initiate a tap-and-pay transaction. This step prevents the bad guys from brushing by you in a crowd to grab your info via NFC.

Android apps are relatively easy to reverse-engineer, so that would probably be the first step an attacker would take. Google says that only authorized apps will have access to the “secure element” chip, and the chip uses asymmetric encryption to authenticate access to stored secrets (credit card credentials). This implies that an attacker has a good chance of extracting the authentication key from the Google Wallet app. The next step would be to create a malicious application that emulates the official Wallet app to fool the “secure element” chip into giving up your credentials. From here, the attacker can collect account information for sale or for attempts at cloning the data to new NFC cards.

The Google Wallet app has not yet been widely released, so it’s difficult to properly identify possible weaknesses. Once it’s available on more phones, we’re bound to see more research from both the criminal element and legitimate security researchers.