08 December 2016

Google Wallet PIN vulnerability exposed

09 February 2012

Google Wallet's PIN has a security vulnerability that leaves it open to a brute force attack, according to research outfit zvelo.

Google Wallet requires users to enter a four-digit PIN to track transaction history and edit card details on their NFC mobile phone.

"Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes. This is trivial even on a platform as limited as a smartphone," says Joshua Rubin, senior engineer, zvelo, in a blog post.

Rubin built an app to test the vulnerability and posted a video of it cracking PINs, although it works only on rooted handsets.
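The arithmetic in Rubin's quote, as an added example that is not from the article or from zvelo: it counts the guesses needed to recover a 4-digit PIN from a stored hash, with and without key stretching, and contrasts that with a verifier that keeps the hash private and counts retries. The `SHA-256(salt || PIN)` storage format, the PBKDF2 variant, the sample salt and the `CountedVerifier` class are assumptions made for illustration.

```python
import hashlib
import hmac

KEYSPACE = [f"{n:04d}" for n in range(10_000)]  # every possible 4-digit PIN
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample

def sha256_verifier(pin, salt):
    # Assumed storage format, not taken from the article: SHA-256(salt || PIN).
    return hashlib.sha256(salt + pin.encode()).digest()

def stretched_verifier(pin, salt, iterations=1_000):
    # Key stretching raises the cost per guess; the keyspace is still 10,000.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)

def offline_guesses(stored, salt, verifier):
    """Guesses needed by anyone who can read the stored value and salt."""
    for count, candidate in enumerate(KEYSPACE, start=1):
        if hmac.compare_digest(verifier(candidate, salt), stored):
            return candidate, count
    return None, len(KEYSPACE)

class CountedVerifier:
    """Hypothetical mitigation: hash stays private, wrong guesses are counted."""

    def __init__(self, pin, salt, max_tries=5):
        self._stored = sha256_verifier(pin, salt)
        self._salt = salt
        self._max_tries = max_tries
        self.tries_left = max_tries

    def check(self, candidate):
        if self.tries_left == 0:
            raise PermissionError("PIN locked")
        ok = hmac.compare_digest(
            sha256_verifier(candidate, self._salt), self._stored)
        # A correct PIN resets the counter; a wrong one burns a try.
        self.tries_left = self._max_tries if ok else self.tries_left - 1
        return ok

def online_guesses(verifier):
    """Guesses possible through the counted interface before it locks."""
    for count, candidate in enumerate(KEYSPACE, start=1):
        try:
            if verifier.check(candidate):
                return candidate, count
        except PermissionError:
            return None, count - 1
    return None, len(KEYSPACE)
```

A salt or a slower hash changes only the cost of each guess; the bound of 10,000 guesses holds for any scheme in which the stored value can be read and tested offline.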

Update: A second, more serious flaw has been found by researchers at the Smartphone Champ. An option to clear data and reset payment options on the phone makes it easy for anyone who finds or steals an Android phone to take over the wallet function. It may be no different from losing your physical wallet, but this is a more pressing issue for Google Wallet users. Google says it is aware of the problem and is working on a fix. In the meantime, the company is urging users who lose a phone to call a toll-free number to disable the pre-paid card function.
