Google Wallet’s Bruteforce vulnerability still at large,Google in a fix without a fix
Security researchers at zelvo have discovered a vulnerability in Google Wallet application in Android which could allow the user’s PIN to be revealed and the attacker could easily spend the prepaid balance of the victim.
The Google wallet application served as a cashless alternative to carrying around a real wallet or credit card. It was accepted by major merchants and was supported by major banks.
The security researchers have found from the open-source Android codes of the google wallet application, unique user IDs, Google account information and the PIN stored as a SHA256 hex encoded string. So the researchers made a fairly simple brute-force program involving maximum of 10,000 calculations to solve the 4-digit PIN required to use the google wallet application.
zelvo has also made an android application called wallet cracker to prove their finding, the trivial application when used gives the PIN of the installed google wallet application. It can be viewed in the video below.
Latest posts by indiandragon (see all)
- Swiftkey vs Swiftkey Tablet review - May 25, 2013
- Google + Hangout app review, messaging kills online chat ! - May 21, 2013
- Best cyanogenmod supported phone under Rs10,000 or $180 - May 15, 2013