Skip to main content

PSA: Google Wallet vulnerable to 'brute-force' PIN attacks (update: affects rooted devices)

By


Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your precious PIN can be "easily revealed." Digging through the app's code and using Google's open resources to reveal its contents, they uncovered a piratical treasure trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since this string is known to carry four digits, it only takes a "trivial" brute-force attack involving a maximum of 10,000 calculations to decode it. To prove their point, the researchers made a Wallet Cracker app -- demoed after the break -- that does the job quicker than you can say "unexpected overdraft."

Google has been receptive to these findings, but its attempts at a fix have so far been hampered by the need to coordinate with the banks, since changing the way the PIN is stored could also change which agency is responsible for its security. In the meantime, zvelo advises that there are some measures users can take themselves, aside from putting a protective hand over their pockets: refrain from rooting your phone, enable your lock screen, disable USB debugging, enable Full Disk Encryption and keep your handset up-to-date.

Update: Google has responded by emphasizing that it's only users of rooted devices who are at risk. In astatement to TNW it said: "We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone."

Comments

Post a Comment

Popular posts from this blog

Wind Turbines

By
The Bahrain World Trade Center is the first skyscraper to have wind turbines integrated into the structure of the building.Three large wind turbines are suspended between two office towers. The towers are aerodynamically tapered to funnel wind and draw air into the turbines. This airfoil tapering allows the wind to enter the turbines at a perpendicular angle and increases air speed as much as 30 percent in each of the 95 ft wide turbine rotors. The turbines supply about 15 percent of the electricity used by the skyscraper - approximately the same amount of electricity used by 300 homes. Source: www.norwin.dk
Post a Comment
Read more

New record energy efficiency for artificial photosynthesis

By
As the world moves towards developing new avenues of renewable energy, the efficiencies of producing fuels such as hydrogen must increase to the point that they rival or exceed those of conventional energy sources to make them a viable alternative. Now researchers at Monash University in Melbourne claim to have created a solar-powered device that produces hydrogen at a world-record 22 percent efficiency, which is a significant step towards making cheap, efficient hydrogen production a reality. Efficiency records for solar-powered hydrogen production have continued to rise over the years, and much more rapidly as the technology and techniques improve. Even as late as December last year  Gizmag reported  a solar-driven hydrogen record efficiency at the time of just 12.3 percent, so this new record shows a very healthy 10 percent improvement on that and beats out the previous record of 18 percent. Splitting water using electricity to produce hydrogen and oxygen has been a...
Post a Comment
Read more

10 URLs to Find Out What Google Knows About You

By
Google is much more than just a search giant. It is also home to many of your favorite products: Gmail, YouTube, and Chrome, just to name a few. Apart from that, it also offers many products to help you  keep track of your data . Most of these are  hidden deep  inside the My Account dashboard, which many users don’t really know of. These hidden tools  may reveal interesting details  about your usage of Google’s many services. We’ve compiled a list of important Google URLs of some  hidden tools  that carry information of what you did with Google, mostly from the searches that you have made on their many products, the voice searches and typed out Google searches that you have made. Are you ready to  find out what how Google knows about you ? 1.  Google Dashboard Google Dashboard offers  transparency and control over the personal data stored with your Google Account. You can  view  and  manage the data gener...
Post a Comment
Read more