First, the sky is not falling and chances are you are safe, but if you use Google Wallet, you should know that the PIN security has been cracked.
Who is affected?
You are vulnerable if:
You have a phone with Google Wallet set up
Your phone is rooted
You don’t use lock screen security (PIN, pattern, face unlock, etc.)
You lose your phone
Basically, you need either a Nexus S or Galaxy Nexus that has been rooted. Everyone else can stop reading now.
What happened?
Google Wallet stores your four-digit PIN in a database on the phone as a hex-encoded SHA256 hash. A four-digit PIN has only 10,000 possible values, so all that is needed to crack it is to generate at most 10,000 SHA256 hashes and compare each one to the stored value, a simple task for any smartphone to accomplish. This is called a brute-force attack.
Google knows about this issue, but to fix it and make it more secure, they would have to move the PIN security to be maintained by your bank. This would force Google to update their terms of service and would require us to trust in the bank’s security. We’re not sure at the moment if this will happen. The banks may decide to simply take the risk of leaving it as it is rather than take on the responsibility of maintaining the PIN security.
Another possible fix would be to switch from a four-digit PIN to a more secure password that requires at least six digits and a mix of letters and numbers. We’re used to these types of passwords online, but not when you’re trying to check out at a store and there are people in line behind you. Plus, anything more complicated than entering a four-digit PIN would essentially kill the product since it would simply be too inconvenient to use. I doubt this will happen.
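Why hashing cannot protect a four-digit PIN, and how much the longer password discussed above would change the picture, shown as an added example (not code from Google Wallet or zvelo). The salt handling, the sample PIN and the 36-character alphabet (case-insensitive letters plus digits) are assumptions made for illustration.

```python
import hashlib
import time
from typing import Optional, Tuple

PIN_SPACE = 10 ** 4  # every four-digit PIN, 0000-9999

def hash_pin(pin: str, salt: bytes = b"") -> str:
    """Hex-encoded SHA256 of salt + PIN (salt layout is an assumption)."""
    return hashlib.sha256(salt + pin.encode("ascii")).hexdigest()

def recover_pin(stored_hex: str, salt: bytes = b"") -> Tuple[Optional[str], int]:
    """Hash each candidate PIN in turn; return (pin, hashes computed)."""
    for n in range(PIN_SPACE):
        candidate = f"{n:04d}"
        if hash_pin(candidate, salt) == stored_hex:
            return candidate, n + 1
    return None, PIN_SPACE

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible secrets of a given length over an alphabet."""
    return alphabet_size ** length

def sha256_rate(samples: int = 50_000) -> float:
    """Measured SHA256 hashes per second on this machine."""
    start = time.perf_counter()
    for n in range(samples):
        hash_pin(f"{n:04d}")
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    # A salt stored next to the hash on the same device adds no work:
    # whoever reads the hash reads the salt too.
    salt = b"constructed-salt"            # constructed sample value
    stored = hash_pin("4821", salt)       # constructed sample PIN
    pin, tries = recover_pin(stored, salt)
    print(f"recovered {pin} after {tries} hashes")
    rate = sha256_rate()
    for label, space in [("4-digit PIN", keyspace(10, 4)),
                         ("6-char letters+digits", keyspace(36, 6))]:
        print(f"{label}: {space:,} candidates, "
              f"worst case {space / rate:.2f} s at {rate:,.0f} hashes/s")
```

The four-digit space is exhausted in a fraction of a second, while the six-character space is roughly 200,000 times larger, which is the trade-off against checkout convenience described above.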
How can I protect myself?
The best thing you can do to protect yourself is to configure a passcode on your lock screen. If you are rooted, you could unroot, but I’m sure most people who are rooted want to stay that way. Of course, the most important thing is to not lose your phone.
See the vulnerability in action.
The folks at zvelo have posted up a video showing how easy it is to crack the PIN.