Google has the best PhD's money can buy
Unfortunately the ones they can't buy are much smarter.
A researcher at website categoriser zvelo has discovered Google Wallet's PIN protection is open to a brute-force attack that takes seconds to complete. And Google is powerless to fix the problem, it seems. The attack is limited to instances where physical access is available, or the phone has been previously "rooted" by the …
They shouldn't be using sha as it's designed to be fast. Something like bcrypt is a much better idea as its designed to be slow. However, having only 10,000 combinations is asking for trouble. The only other other option is to authenticate it remotely where you can deal with brute force attacks.
Salting is good, but where would you keep the salt? Either it would be encrypted on the phone (and thus either having the decryption key on the phone, or the person keys it in which would make it easier to just have a longer password.) A network connection is tricky because losing a connection leaves you out, plus it's rather roundabout. And you're screwed if the server dies.
Even with a salt, there are still only 10,000 possible hashes of a PIN. The problem is that a four digit numeric password is just too friggin' short for modern cryptanalysis when an attacker has access to the hashed values; it's too easy to brute force.
Fyi, a salt only makes it hard to tell if two PIN hashes represent the same clear-text PIN.
It's pretty clear that Dr Mouse meant not a salt per se, but a secret that was unavailable to the attacker ("using some info on the Secure Element"), which would be combined with the user's PIN and then matched against the hash. That would indeed increase the work factor of offline brute-forcing the PIN.
Really, folks - learn to read.
Another solution would be to get rid of this archaic PIN crap, and allow (or, better, require) a proper passphrase. I'm guessing that most of the likely users of Google Wallet will be used to typing longer strings on their phones anyway.
Of course I still can't see any reason to use the damn thing myself. Kids, lawn, etc.
would you prefer to enter your 512 character password or just provide me with a check and show me your driver's license?
Lengthening the password and/or adding salt can lengthen the time required for the attack to work, but given this one works in seconds, and it requires physical access to the phone in the first place, changing it to hours instead of seconds isn't really all that much help.
Personally, you won't find me using any Google Wallets for anything because my experience with it many moons ago was quite on par with many of the E-Bay horror stories you've heard: money gone, no merchandise, no person at Google for me to call, no refunds ever sent. Obviously YMMV.
The fault seems to lie in the fact that the hash is stored locally and is easily accessible by other applications (in this case the PIN cracker program).
Changing the PIN to a more secure password would take longer to crack (maybe a few minutes or a couple of hours as opposed to a few seconds) but the underlying vulnerability would remain.
Ironically it's the sheer power of handsets these days that makes this a real problem - back in the days of the eWallet on the venerable Nokia 6310i with it's (IIRC) 123MHz processor, this wouldn't have been a problem as it would take several hours or maybe days to crack even the simplest 4-digit PIN.
Having said that, it's a good option until a real fix is found; ask for an 8-character (or longer) password containing lowercase, uppercase, numbers and punctuation, and it should at least discourage random PIN-swiping attacks such as could take place in a coffee shop or similar (you leave your handset unattended on the table, a thief quickly installs the cracker app, sniffs the PIN, gets your CC data and buggers off leaving behind no trace).
Not for the first time, I wonder who are the people whose time is no precious that they have to be able to pay by waving a card or a phone. Perhaps I'm a Luddite, maybe I'm stingy, but I prefer to know when I'm paying money out.
NFC payments look suspiciously like technology push to me - a solution in search of a problem.
And in fact at least Visa is pushing this, telling shop keepers that they will not have a transaction fee (or a lower one) if their customers pay by bonk. My question is why? Apart from reduced wear on the contacts on the cards or terminals, why should it be cheaper to send a few data packets over the air than by direct contact?
As it still costs VISA money to transact, the waving of a fee can only mean one of two things:
1 - the take-up isn't as great as expected in shops or with customers (personally, I seriously do NOT want that feature because you can actually read an NFC chip from about 30 meters with a good aerial)
2 - it's actually a covert way to make merchants refresh their terminals.
(possible "3" - they're PAID to get this in place - if you can poll an NFC card from such a distance you turn people into nicely identifiable and globally trackable objects, especially if you improve the reception when no transaction is pending).
Whatever the reason is, the only thing you can be sure of is that the no/low charges thing is only temporarily, a bit like the first few years of Microsoft school license policy.
I really doubt Google would choose a 4 digit pin unless it was forced on them by the payment processing system. I imagine that to get transaction history it has to go through some PIN based transaction with the bank and therefore they need to store it on the device.
I wonder what risk there is in exposure. The report suggests it exposes transaction history and some personal info which might permit some social engineering but is not as bad as the phone being able to make payments of its own without your consent.
Perhaps there is a way to salt the pin, and optionally password or face recognition protect it. The password protection could be used to encrypt the salt and pin hash so even on a rooted phone where the file is visible it would not expose the value. Or install a proxy service on Google where the actual PIN is held and requests to the bank are made and the user just uses a passphrase or local cert to authenticate with the proxy. The advantage of a proxy service is that potentially Google could detect attacks more easily.
It'll never be impossible. If you make something unrootable all you accomplish is drawing the attention of the people smart enough to find a way to root it. As proof of this concept, I offer the iPhone, iPad, Kindle Fire, Nook Tablet, most Motorolla phones, and every video game console made in the last 10 years (granted it's called 'hacking' on consoles, not 'rooting', but it's the same thing).
if you're only talking 10,000 possible combinations (of 0000 through 9999) then it is even easier to pre-compute a rainbow table once, and then simply do the matching of the captured hash to the table. The table itself would only have 10k rows and therefore has to be relatively portable.
Rainbow tables are an amazing idea. The only way around them is to have some crazy hash space where the space required to compute and store a rainbow table is prohibitive. Even then Amazon's compute cloud takes care of much of that as well.
Rainbow tables only work on unsalted hashes. If you salt the hash, then the tables become pretty much useless, as you need to compute the values each and every time, for every device.
That is the reason (for example) that WPA2 has not been able to be cracked so easily, the router (if you got a decent one, avoid the BT/Thomson ones at all costs) hashes the password with the ESSID (and sometimes the serial number) meaning that you can't use rainbow tables. You'd have to break the password for each router individually.
What Eejit thought that a 4-digit PIN was sufficiently secure in the first place to secure access to credit card details, irrespective of whether you need a rooted phone to get to the hash?
It's not a card you're putting into a hole-in-the-wall machine, it's a phone! Jeez! Did someone go beat the google softies with a stupid stick or something?
Dunno about Chocolate Factory, perhaps we should now call them "Chocolate Fire guard" as they're obviously about as useful as one of those.
if they've got your wallet, but you've still got your phone, then you can call and report your cards stolen before they have a chance to do very much with 'em. If they've got your wallet and your wallet *is* your phone, and (as seen in the article) it just takes a few seconds to work out your Google Wallet password, well, this complicates your life much further.
So to perform this hack you need physical access to the phone? Turns out that if you get hold of my wallet you will have all my credit card numbers, my driving license with my DOB and address. That sounds like a far easier way of obtaining this information.
Of course a nefarious app installed on a rooted phone is a bigger problem has it opens the potential for a remote attack. However I've yet to find a situation where pay by bonk is in any way better than cash or chip and pin.
Anyone remember how Verizon 86'ed Google Wallet on its upcoming phones... related maybe? If i remember correctly there was an article here on the register that quoted a Verizon rep who indicated security concerns regarding Google's product.
Anyway, i could be off base, but am actually impressed with Verizon for making a good call. Not surprised Google's product is crap, but none-the-less.still impressed with VZW for noticing a golden turd as turd regardless of its golden luster.
It's been abundantly clear for a while that Android is about as secure as Windows 98. iPhone too. I would never do anything financial on my Android phone. No quick trade broker apps for me.
The payment problem will be solved soon when the credit card companies replace magnetic strips with smart cards. And they will be MUCH harder to hack/crack than anything on a smartphone.
entering data on a phone is awful.
Anyway, the whole pay-by-wave thing was an attempt to make things faster (i.e. more profitable) at the till and we all knew it was going to be less secure.
It's odd. People will take more care over their wallet with £50 cash than over their £400 phone.
I still can't imagine why you would rather use a phone than a card to pay for things.
Your wallet would most likely contain stuff other than cash which would be a PITA if it got lost. Granted a modern phone would probably contain a lot of sensitive/private stuff and would also be a PITA (of a different kind) if it got lost. However, I for one, would be more likely to forget my wallet than my phone when I go out.
Found to have fooled even the most sophisticated fingerprint scanners? Body heat detection? Add a thermal element, and so on. Use a camera for visual ID? Photograph. Cloud authentication? Buildings interfere with phone signals, especially big-box stores, so some form of universally-accessible offline access MUST exist, or it won't work.
Your PINs are also subject to this little gem:
"11.1 By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services."
Any fries with that?
If you've rooted and have Superuser, it'll prompt you if an app tries to run as root and will ask for permission. So this can't happen silently under default settings. Of course this doesn't protect you against a stolen phone, either rooted and then stolen or stolen and then rooted...
Definitely being pushed out, the reason seems obvious to me, which means I'm probably wrong! The card payment industry are only interested in controlling more and more of the money moving about, currently the biggest gap for them will likely be small payments, things people tend to use cash money for. That's why the first adopters of NFC are coffee shops, doughnut fiddlers and their ilk.
Actually, the cpi are also interested in shifting the burden of fraudulent transactions on to someone else. In steps chip and pin! Ooooh chip and pin will be soooo much safer, loads less fraudies. Indeed, loads less fraud paid for by the card issuers... much more paid for by the fool who's been careless with their pin.
Still, maybe I'm wrong and their just trying to make our lives easier.
Biting the hand that feeds IT © 1998–2019