Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:41 PM
Connect Directly
Google+
Twitter
RSS
E-Mail

Google Wallet PIN Cracked

Fix for vulnerability could require banks to take over some of security responsibility.



When researchers late last year revealed that the Google Wallet app stored sensitive user data in plain text locally on the device, they also gave the app credit for its PIN protection. But now that last line of defense has been exposed by another researcher, who this week released a proof-of-concept for cracking the Google Wallet PIN.

Joshua Rubin, senior engineer with Zvelo, yesterday posted his PoC that demonstrates how he cracked Google Wallet's four-digit PIN used to authorize and process mobile-phone payments. The PIN is considered the extra layer of security that a plain, old credit card wouldn't have. But Rubin poked a big hole in that strategy: "With this attack, the PIN can be revealed without even a single invalid attempt. This completely negates all of the security of this mobile phone payment system," Rubin said in a blog post today.

In December, researchers at viaForensics said they had found that the app locally stores some payment card data in plain text, such as the cardholder's name, transaction dates, email address, and account balance.



Read the rest of this article on Dark Reading

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Copyright © 2018 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service