A recent report from viaForensics has pointed out a security issue in Google Wallet. According to their statement, a user's PIN can be easily recovered because personal information and the payment profile remain unencrypted. Exploring the application's code, and using open resources provided by Google itself to determine the contents, revealed a very important set of data, including user IDs, information on the user's Google account, and the user's PIN, which had been stored as a hex-encoded SHA256 string.

Because the hashed value is known to be a four-digit PIN, it can take anywhere from a few to 10,000 computations to recover it. A Wallet Cracker app was even developed to demonstrate how easily a user's Google Wallet PIN can be worked out. Google has stated that the most affected users are those with rooted devices, and it therefore advises people not to install Google Wallet on a rooted device.
These reports have reached Google, and while the company has tried to reduce the vulnerability, its efforts have been slowed by the need to work together with the banks. Changing the way the user's PIN is stored will also change the way security is provided, hence the need for coordination with banks. Nevertheless, according to Zvelo, users can still keep their Google Wallet secure by enabling their lock screen, disabling USB debugging, enabling Full Disk Encryption, and using an up-to-date handset.
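The "few to 10,000 computations" bound described above can be checked with a short storage audit. This is an added example, not code from viaForensics, Zvelo or Google; the PIN, the salt, the function names and the PBKDF2 comparison are all assumptions made for illustration, since the page does not say whether a salt or key stretching is used.

```python
import hashlib
import hmac

SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt


def sha256_pin(pin: str, salt: bytes = b"") -> str:
    """Fast storage form the report describes: SHA-256, hex-encoded."""
    return hashlib.sha256(salt + pin.encode()).hexdigest()


def pbkdf2_pin(pin: str, salt: bytes = SALT, iterations: int = 1000) -> str:
    """Slow KDF for comparison only (assumption, not something the page describes)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations).hex()


def exhaust(stored_hex: str, hash_fn, digits: int = 4):
    """Walk the whole PIN keyspace; return (pin, guesses) or (None, keyspace)."""
    keyspace = 10 ** digits
    for n in range(keyspace):
        candidate = f"{n:0{digits}d}"
        if hmac.compare_digest(hash_fn(candidate), stored_hex):
            return candidate, n + 1
    return None, keyspace


def audit(pin: str, digits: int = 4) -> dict:
    """Guesses needed to match a constructed PIN under each storage scheme."""
    schemes = {
        "sha256": lambda p: sha256_pin(p),
        "sha256+salt": lambda p: sha256_pin(p, SALT),
        "pbkdf2": lambda p: pbkdf2_pin(p),
    }
    return {name: exhaust(fn(pin), fn, digits) for name, fn in schemes.items()}


if __name__ == "__main__":
    # "0137" is a constructed sample PIN, not a value from the report.
    for name, (pin, guesses) in audit("0137").items():
        print(f"{name:12s} matched={pin} guesses={guesses} (ceiling 10000)")
```

Salting and key stretching change the cost of each guess, but the ceiling stays at 10,000 guesses for any scheme whose stored value can be read and tested offline.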
Story by pinoytutorial




