Google Wallet vulnerable to attacks aimed to retrieve your PIN number

Google Wallet vulnerable to attacks aimed to retrieve your PIN number
A simple "brute force" attack of Google Wallet's SHA256 hex-encoded string that contains your PIN number, can reveal it to hackers in just ten thousand combinations.

The security researchers that discovered the vulnerability proved how easy it is by writing the app Wallet Cracker, which extracted the PIN in no time. While digging through the open source code, they also found unique user IDs and the Google account information, rounding up the tools one would need to easily poach your associated card account.

Google has been made aware of the issue, and is working with the banks and security software providers involved to remedy this. In the meantime, the researchers suggest you abstain from rooting your handset, update your software regularly, enable the lock screen, and uncheck the "USB Debugging".

source: zvelo via Engadget


FEATURED VIDEO

2 Comments

1. Sniggly

Posts: 7305; Member since: Dec 05, 2009

So...wait a minute. The hackers can only get to the point of running this program if your phone is rooted and has no unlock security enabled?

2. paulyyd

Posts: 340; Member since: Jan 08, 2011

Lol oh google

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.