Google Wallet PIN security cracked in seconds

A researcher at website categoriser zvelo has discovered Google Wallet's PIN protection is open to a brute-force attack that takes seconds to complete. And Google is powerless to fix the problem, it seems. The attack is limited to instances where physical access is available, or the phone has been previously "rooted" by the …

COMMENTS

This topic is closed for new posts.

  1. P. Lee

    formfactor issue?

    entering data on a phone is awful.

    Anyway, the whole pay-by-wave thing was an attempt to make things faster (i.e. more profitable) at the till and we all knew it was going to be less secure.

    It's odd. People will take more care over their wallet with £50 cash than over their £400 phone.

    I still can't imagine why you would rather use a phone than a card to pay for things.

    1. Tech Hippy

      Because I've yet to find a way of remote wiping my wallet?

  2. crayon

    @P. Lee

    Your wallet would most likely contain stuff other than cash which would be a PITA if it got lost. Granted a modern phone would probably contain a lot of sensitive/private stuff and would also be a PITA (of a different kind) if it got lost. However, I for one, would be more likely to forget my wallet than my phone when I go out.

  3. Maheedhar PV

    Alternative

    How about a decent finger print scanner for authentication?

    1. Charles 9
      FAIL

      How about a gummy finger?

      Found to have fooled even the most sophisticated fingerprint scanners? Body heat detection? Add a thermal element, and so on. Use a camera for visual ID? Photograph. Cloud authentication? Buildings interfere with phone signals, especially big-box stores, so some form of universally-accessible offline access MUST exist, or it won't work.

  4. This post has been deleted by its author

  5. Fred Flintstone Gold badge

    The real reason why you shouldn't use Google Wallet

    Your PINs are also subject to this little gem:

    "11.1 By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

    11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services."

    google.com/accounts/tos

    Any fries with that?

  6. Robert Brown

    Superuser Prompt

    If you've rooted and have Superuser, it'll prompt you if an app tries to run as root and will ask for permission. So this can't happen silently under default settings. Of course this doesn't protect you against a stolen phone, either rooted and then stolen or stolen and then rooted...

  7. Dave Bennett
    Holmes

    NFC reason

    Definitely being pushed out, the reason seems obvious to me, which means I'm probably wrong! The card payment industry are only interested in controlling more and more of the money moving about, currently the biggest gap for them will likely be small payments, things people tend to use cash money for. That's why the first adopters of NFC are coffee shops, doughnut fiddlers and their ilk.

    Actually, the cpi are also interested in shifting the burden of fraudulent transactions on to someone else. In steps chip and pin! Ooooh chip and pin will be soooo much safer, loads less fraudies. Indeed, loads less fraud paid for by the card issuers... much more paid for by the fool who's been careless with their pin.

    Still, maybe I'm wrong and their just trying to make our lives easier.

    1. Dave Bennett
      Unhappy

      their?! THEIR?! I'm disgusted with myself.

  8. Anonymous Coward

    Why the outrage over a 4-digit pin?

    You all happily use one to protect your credit card and ATM bank account access after all...

  9. Anonymous Coward

    but but but...

    You *have* to use NFC for in-store purchases! Please? How else are we supposed to scrape all the data about every little thing you buy, track your movements, and get rid of all that bothersome cash in favour of 'virtual' currency?

    Sincerely,

    BigBruv
