Google Wallet vulnerabilities exposed


By Sarah Jacobsson Purewal, PC World (US) | Feb 13, 2012

Google's new NFC system that purports to turn your phone into a credit card can be compromised using a brute-force attack -- and that raises questions about its security.

Security firm Zvelo has discovered that the Google Wallet PIN, which is required of users to confirm purchases made with their phones, can be cracked via an exhaustive numerical search. Being able to access the PIN would allow criminals to use a Google Wallet-enabled phone to make purchases.

Because they're in the security business, Zvelo disclosed the issue to Google, which has confirmed that the vulnerability exists, and has "agreed to work quickly to resolve it."

Google Wallet is the first publicly available Near Field Communication (NFC) payment service in the U.S., and it's only available on one phone, on one network -- the Samsung Galaxy Nexus S 4G on Sprint.

NFC payment systems let users pay for items in brick-and-mortar retail stores by tapping their NFC-enabled device on a PayPass reader (a small electronic box). NFC isn't limited to smartphones -- Google Wallet is partnered with MasterCard, which has been using NFC chips in some of its credit cards for several years, and which originally developed the PayPass reader.

There have been some questions about NFC security, and other wireless providers, such as AT&T, Verizon, and T-Mobile, currently do not allow the Google Wallet app on their smartphones. (Though this is probably because they're working on developing their own NFC payment systems.) However, because the Verizon Samsung Galaxy Nexus has NFC technology built in, it is possible to install the Google Wallet app on that phone.

 
 
