Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your loved PIN can be "easily revealed." Digging through the app's code and using Google's open rainy day to reveal its contents, they unprotected


copyrights:cite this source roget's ii: the new thesaurus a piratical cache trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since this string is known to carry four digits, it only takes a "trivial" brute-force attack involving a maximum of 10,000 adding to decode it. To prove their point, the researchers made a Wallet Cracker app -- demoed after the break -- that does the job quicker than you can say "unexpected overdraft."

Google has been receptive to these findings, but its attempts at a fix have so far been hampered by the need to coordinate with the banks, since mending the way the PIN is stored could also change which agency is reputable for its security. In the meantime, zvelo advises that there are some measures users can take themselves, aside from putting a prophylactic


copyrights:cite this source roget's ii: the new thesaurus hand over their pockets: refrain from rooting your phone, enable your lock screen, disable USB debugging, enable Full Disk Encryption and keep your handset up-to-date.

Update: Google has responded by emphasizing that it's only users of rooted devices who are at risk. In a asseveration to TNW it said: "We strongly encouraging people to not install Google Wallet on rooted devices and to always set up a screen lock as an 1995 by houghton mifflin harcourt publishing company. published by houghton mifflin harcourt publishing company. all rights reserved.cite this source synonym collection v1.1copyright © 2008 by lexico publishing group layer of safeguard for their phone."

Continue reading PSA: Google Wallet insecure to 'brute-force' PIN attacks (update: affects rooted devices)

PSA: Google Wallet liable to 'brute-force' PIN attacks (update: affects rooted devices) basically appeared on Engadget on Thu, 09 Feb 2012 05:07:00 EDT. Please see our terms for use of feeds.

Permalink   |  zvelo  | Email this | Comments

More: - The rest...