Establishing Digital Trust: Don't Sacrifice Security for Convenience
Researchers at zvelo recently uncovered a method of cracking Google Wallet's PIN security in a matter of seconds.
"Once the assault succeeds the attacker can read the contents of the wallet including credit card numbers and other details such as the transaction history," writes The Register's Bill Ray. "Worse still, Google can't address the flaw without shifting responsibility for the PIN onto the banks, who might not want it."
"The chaps at zvelo noticed that the wallet application stores a hash of the PIN, and were thus able to create a matching PIN simply by hashing all 10,000 possible numbers -- a process which only takes a few seconds as they've demonstrated on their video," Ray writes.
For more on this story, go to Google Wallet Hack Raises Concerns Over Mobile Payment Security.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.