Google Wallet PIN Falls to Brute Force Hack Attack

This is a discussion on Google Wallet PIN Falls to Brute Force Hack Attack within the Android News forums, part of the Android.net category; It looks like the Google Wallet service has a security vulnerability that can be exploited to crack your PIN. It's important to note that several ...

Results 1 to 2 of 2

Thread: Google Wallet PIN Falls to Brute Force Hack Attack

  1. #1
    Editor in Chief dgstorm's Avatar
    Join Date
    Dec 2010
    Posts
    4,720
    Thanked
    711 times

    Google Wallet PIN Falls to Brute Force Hack Attack


    It looks like the Google Wallet service has a security vulnerability that can be exploited to crack your PIN. It's important to note that several things have to lineup to make this happen. Here's how it breaks down, and all of these things must be true for the vulnerability to be exploited:
    1. You have a phone with Google Wallet set up (currently the Nexus S and Galaxy Nexus)
    2. Your phone is rooted
    3. You don’t use lock screen security (PIN, pattern, face unlock, etc)
    4. You lose your phone

    Here's how the exploit works. Basically, Google Wallet stores your pin using a SHA256 hex-encoding. This means all that you need is a a brute-force attack to crack the encryption. You simply need to generate at most 10,000 SHA256 hashes, which would be easy for a smartphone to accomplish.

    Unfortunately, there is no easy way for Google to fix this security flaw. There are at least a couple of viable options for them. One is to offload the PIN security to the banks. However, more than likely the banks are loathe to do this, because it would mean more costs for them, and would also mean you would have to trust your bank's security system more.

    Another idea proposed is to change it from a 4 digit pin to a more secure password with a minimum of 6 digits and a mix of letters and numbers. Unfortunately, this isn't the ideal solution either, since typing in a long password could be time-consuming when you are waiting in line at a check-out counter. Additionally, the long password option could kill it as a viable idea, because it over-complicates the process, which would likely turn-off a lot of consumers.

    Because of these issues, it is unlikely we will see anything done initially to deal with this problem, especially since a number of things must occur for this to be possible. Of course, as more phones get the NFC technology, the risk factor goes up. Ultimately, it really depends upon the user not losing their phone, and/or setting a lock screen on it. It's also obvious to point out that this vulnerability only affects "rooted" users, and while that means quite a few of you guys, it doesn't really affect the vast majority of consumers. Above is a video of the exploit in action. Does this make you less likely to utilize Google Wallet?

    Source: TalkAndroid

  2. Android.net is the premier Android Forum. Registered users do not see these ads. .

  3. #2
    Super Moderator/RS SLAG IT!'s Avatar
    Join Date
    Mar 2011
    Location
    Somewhere on Kamino
    Posts
    2,814
    Thanked
    84 times
    Knew this was coming. Glad I do not use my device for any kind of money transactions.

Remove Ads

http://www.scramblerducati.org/

Sponsored Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Google Wallet Launching Soon
    By WenWM in forum Android News
    Replies: 3
    Last Post: 12-26-2011, 11:52 PM
  2. Replies: 0
    Last Post: 12-06-2011, 11:36 AM
  3. Google Wallet Roll Out Continue
    By WenWM in forum Android News
    Replies: 0
    Last Post: 10-17-2011, 09:18 PM
  4. Replies: 0
    Last Post: 02-05-2011, 04:32 PM
  5. Replies: 6
    Last Post: 02-04-2011, 02:05 PM

Search tags for this page

android forum

,

android hack attack

,

android hack attacks

,

faceniff

,

how long to brute force crack 6 numeric pin

,

viddy android

Click on a term to search our sites for related topics.
Android Forum