© 2024 Blaze Media LLC. All rights reserved.
This wallet cannot be picked from your back pocket but it sure can be stolen from with two new security vulnerabilities being reported. Google Wallet, a virtual wallet that touts its ability to make payments instore and online securely, has an encrypted pin system that has been shown to be compromised.
First, it was reported by Gizmodo that only phones that were rooted -- meaning phones where the owner had performed a function that gives full administrative access -- were subject to a vulnerability that could expose the PIN. Now non-rooted phones have been shown to have a similar problem.
Gizmodo reports that Google Wallet uses a secure, encrypted PIN to ensure only the proper user can make purchases. It was first shown by the security firm Zvelo that if someone else got a hold of your phone, they could hack it to reveal your PIN. Watch the demonstration:
The second hack on Google Wallet, a feature currently only available on Sprint's Samsung Nexus S 4G, is technically not even a hack at all. Gizmodo has more on this recent discovery by TheSmartPhoneChamp:
What makes the new hack so dangerous is that it requires absolutely no hacking. While yesterday's exploit required you to crack encrypted files, today's requires you to simply clear the data in the app settings. Doing so forces Google Wallet to reset itself and prompt the user for a new PIN. Once that's done, the attacker ties in a Google PrePaid card to the account and presto — all previously available funds are once again accessible. The method has been tested by multiple sources and confirmed by Google itself — this is not a drill.
Watch this demonstration of the second security flaw:
Google has said that it "strongly [encourages] anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card." It is working to fix these vulnerabilities, but in the mean time, Gizmodo reports, Google Wallet users can protect themselves by 1) not losing their phones and 2) "enabling the lock screen, installing tracking software [and] encrypting your drive."
Learn more about Google Wallet with this video:
Want to leave a tip?
We answer to you. Help keep our content free of advertisers and big tech censorship by leaving a tip today.
Want to join the conversation?
Already a subscriber?
