PSA: Google Wallet vulnerable to 'brute-force' PIN attacks (update: affects rooted devices)

Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your precious PIN can be "easily revealed." Digging through the app's code and using Google's open resources to reveal its contents, they uncovered a piratical treasure trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since this string is known to carry four digits, it only takes a "trivial" brute-force attack involving a maximum of 10,000 calculations to decode it. To prove their point, the researchers made a Wallet Cracker app -- demoed after the break -- that does the job quicker than you can say "unexpected overdraft."

Google has been receptive to these findings, but its attempts at a fix have so far been hampered by the need to coordinate with the banks, since changing the way the PIN is stored could also change which agency is responsible for its security. In the meantime, zvelo advises that there are some measures users can take themselves, aside from putting a protective hand over their pockets: refrain from rooting your phone, enable your lock screen, disable USB debugging, enable Full Disk Encryption and keep your handset up-to-date.

Update: Google has responded by emphasizing that it's only users of rooted devices who are at risk. In astatement to TNW it said: "We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone."

Comments

Silent headset lets users quietly commune with computers

Advances in voice recognition technology have seen it become a more viable form of computer interface, but it's not necessarily a quieter one. To prevent the click-clacking of keyboards being replaced by noisy man-machine conversations, MIT researchers are developing a new system called AlterEgo that allows people to talk to computers without speaking and listen to them without using their ears. At first glance, the AlterEgo headpiece looks like the product of a design student who didn't pay attention in class. Instead of the familiar combination of an earpiece and microphone, the device is a cumbersome white plastic curve like the jawbone of some strange animal that hangs off the wearer's ear and arcs over to touch the chin. It might look strange, but it's based on some fairly sophisticated technology. Inside the Alterego are electrodes that scan the jaw and face from neuromuscular signals produced when the wearer thinks about verbalizing words without

Qualcomm showcases the Snapdragon S4 ahead of Mobile World Congress

We’ve already heard about Qualcomm’s latest processor, the Snapdragon S4 , which will be quad-core and utilize LTE. Qualcomm took the time to give us some details ahead of Mobile World Congress. The new SoC now supports up to three cameras (two in the back for 3D and one front-facing), 20-megapixels, and recording video at 1080p (30fps). We can also expect zero shutter lag, 3A processing (autofocus, auto exposure and auto white balance), and improved blink/smile detection, gaze estimation, range finding and image stabilization. Last but not least, it supports gesture detection/control, augmented reality , and computer vision (via Qualcomm’s FastCV). Hit the break for a couple of videos featuring image stabilization and gestures.

Say Hello To Darkness In WhatsApp With Dark Mode

WhatsApp has rolled one of the most requested feature, Dark mode for all users across the globe. It is available as a part of the latest update on Android and iOS devices. Dark mode is a new design feature in WhatsApp that offers a fresh look on familiar experience and designed to reduce eye strain in low light conditions. There are many people in the planet who find dark backgrounds easier to look at for long time period, Dark mode is for them. Dark mode consumes less power especially your device has an AMOLED display. Above all, Dark mode looks cool and offers you a refreshing change from the White color theme. Enabling dark mode in WhatsApp is very easy. Here's the steps: 1. Open WhatsApp from the home screen. 2. Tap More Options. (Three vertical dots on the top right corner of the app) 3. Choose Settings. 4. Select Chats from the Settings menu. 5. Click On Theme. 6. In the Choose Theme dialog box, select Dark to turn on Dark mode. Choose Light to turn

Daily Tech News

Search This Blog