The Latest in IT Security

Will the PIN hacks be the end of Google Wallet?

15 Feb 2012

Last week researchers found vulnerabilities in the Google Wallet payment system. The first vulnerability, found by Zvelo, required root access. Rooting devices has become just short of trivial at this point with the availability of “one-click root” applications for most platforms. The vulnerability was leveraged to display the current PIN.

The very next day a new vulnerability was discovered in how application data is handled in the Wallet app. In this case no root access is needed; as thesmartphonechamp demonstrated, this is simply a flaw in how the application works. Assuming a Google Prepaid card has been set up, a user can navigate to the application management interface and delete the application data for Google Wallet. On return to the app’s interface, the user is then prompted to set up a new PIN. The flaw is that the Google Prepaid card data persists. After establishing a new PIN, the attacker is free to use the prepaid card as though it were their own.

I believe that once you attach credit card data to a platform, you can expect the interest from attackers to grow exponentially. We’ve already seen banking malware developed for Android, and once Google Wallet becomes ubiquitous across all Android devices, we can expect to see a lot more.

I expect these to be just the beginning of a scavenger hunt for Google Wallet vulnerabilities in the future, especially assuming the amount of financial backing Google has wedged behind this initiative. Finance firms Mastercard and Citi are just a few of the growing list of partners. Will the PIN hack be the end of Google Wallet? Certainly not. We’ve just entered a transitional phase where the cash register is moving from the store front into your pocket. And while the Secure Element technology offers a lot of security through encryption of your data, if the interface can be beaten, all that math goes to waste.
