Serious Security Flaw Found in Google Wallet
The PIN can be cracked in seconds, providing access to credit card numbers and the transaction history.
Researchers at zvelo recently uncovered a method of cracking Google Wallet's PIN security in a matter of seconds.
"Once the assault succeeds the attacker can read the contents of the wallet including credit card numbers and other details such as the transaction history," writes The Register's Bill Ray. "Worse still, Google can't address the flaw without shifting responsibility for the PIN onto the banks, who might not want it."
"The chaps at zvelo noticed that the wallet application stores a hash of the PIN, and were thus able to create a matching PIN simply by hashing all 10,000 possible numbers -- a process which only takes a few seconds as they've demonstrated on their video," Ray writes.
For more on this story, go to Google Wallet Hack Raises Concerns Over Mobile Payment Security.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.
February 13, 2012
Following the disclosure of security vulnerabilities with Google Wallet on Android, Google disables prepaid cards and advises users to enable screen locks.