
Google Wallet Has Been Hacked – Two Vulnerabilities Discovered

The magic has been paused – Google Wallet, Google's innovative payment technology, has been hacked today. Not with one vulnerability, but two.

The first hack uses a brute-force attack to reveal the Google Wallet PIN that keeps the application secure. The second hack allows access to the Wallet app on your Android device and lets the intruder add the prepaid balance that is tied to the device.

 


For those hearing about Google Wallet for the first time: it lets you digitize your credit cards and pay for things using near-field communication (NFC) technology. This means you can just touch your phone to an NFC device and the item you are buying is automatically charged to your account. Currently, only Google has implemented this technology, with Google Wallet on its Android-powered Nexus S 4G, available on Sprint.

The first vulnerability, discovered by Zvelo, reveals the Google Wallet PIN on Android devices that are rooted. Wallet Cracker is a simple app developed by this team.

 

“The lynch-pin, however, was that within the PIN information section was a long integer “salt” and a SHA256 hex encoded string “hash”. Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes. This is trivial even on a platform as limited as a smartphone. Proving this hypothesis took little time.”
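The keyspace argument in the quote can be checked directly. The following is an added example, not Zvelo's code or anything from the Wallet app: it enumerates the 10,000 possible PINs against a constructed record and measures how long the full space takes. The way salt and PIN are combined, the sample salt, and the PBKDF2 comparison point are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PIN_DIGITS = 4  # from the page: the PIN is a 4-digit numeric value

def pin_digest(pin: str, salt: int) -> str:
    # ASSUMPTION: decimal salt prepended to the PIN. The page only says the
    # record held a long-integer salt and a hex-encoded SHA256 hash.
    return hashlib.sha256(f"{salt}{pin}".encode()).hexdigest()

def search_pin_space(salt: int, stored_hex: str):
    """Try every PIN in order; return (pin, guesses_used) or (None, total)."""
    for n in range(10 ** PIN_DIGITS):
        candidate = f"{n:0{PIN_DIGITS}d}"
        if hmac.compare_digest(pin_digest(candidate, salt), stored_hex):
            return candidate, n + 1
    return None, 10 ** PIN_DIGITS

def worst_case_seconds(guess_fn, samples: int) -> float:
    """Time `samples` guesses and scale the result to the whole keyspace."""
    start = time.perf_counter()
    for n in range(samples):
        guess_fn(f"{n:0{PIN_DIGITS}d}")
    per_guess = (time.perf_counter() - start) / samples
    return per_guess * 10 ** PIN_DIGITS

# Constructed sample record (not real Wallet data).
SAMPLE_SALT = 6192837465019283746
SAMPLE_HASH = pin_digest("9999", SAMPLE_SALT)  # last candidate: worst case

def compare_schemes():
    """Worst-case seconds for salted SHA-256 versus a slow KDF."""
    salt_bytes = os.urandom(16)
    sha = worst_case_seconds(lambda p: pin_digest(p, SAMPLE_SALT), 10_000)
    # Assumed comparison point: PBKDF2-HMAC-SHA256 with 100,000 iterations.
    kdf = worst_case_seconds(
        lambda p: hashlib.pbkdf2_hmac("sha256", p.encode(), salt_bytes, 100_000), 3)
    return sha, kdf

if __name__ == "__main__":
    pin, guesses = search_pin_space(SAMPLE_SALT, SAMPLE_HASH)
    sha, kdf = compare_schemes()
    print(f"recovered {pin} after {guesses} guesses")
    print(f"full keyspace: salted SHA-256 {sha:.3f}s, PBKDF2 100k {kdf:.0f}s")
```

The salt changes nothing here because it is stored next to the hash; a slower hash only multiplies the cost of each of the 10,000 guesses, so the size of the PIN space remains the limiting factor.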

 


The second vulnerability, discovered later today, works on non-rooted devices as well and requires no special hacking skills. TheSmartPhoneChamp uploaded a video demo that shows this hack. It is simpler than the earlier one. Someone holding your stolen device can easily access your digital money (funds) just by clearing the Google Wallet app data. Once a new PIN has been entered, the intruder can add your Google Prepaid Card that is tied to the device and access the available money.


Google is reportedly working on these two security flaws.
