AGL 40.21 Increased By ▲ 0.18 (0.45%)
AIRLINK 127.64 Decreased By ▼ -0.06 (-0.05%)
BOP 6.67 Increased By ▲ 0.06 (0.91%)
CNERGY 4.45 Decreased By ▼ -0.15 (-3.26%)
DCL 8.73 Decreased By ▼ -0.06 (-0.68%)
DFML 41.16 Decreased By ▼ -0.42 (-1.01%)
DGKC 86.11 Increased By ▲ 0.32 (0.37%)
FCCL 32.56 Increased By ▲ 0.07 (0.22%)
FFBL 64.38 Increased By ▲ 0.35 (0.55%)
FFL 11.61 Increased By ▲ 1.06 (10.05%)
HUBC 112.46 Increased By ▲ 1.69 (1.53%)
HUMNL 14.81 Decreased By ▼ -0.26 (-1.73%)
KEL 5.04 Increased By ▲ 0.16 (3.28%)
KOSM 7.36 Decreased By ▼ -0.09 (-1.21%)
MLCF 40.33 Decreased By ▼ -0.19 (-0.47%)
NBP 61.08 Increased By ▲ 0.03 (0.05%)
OGDC 194.18 Decreased By ▼ -0.69 (-0.35%)
PAEL 26.91 Decreased By ▼ -0.60 (-2.18%)
PIBTL 7.28 Decreased By ▼ -0.53 (-6.79%)
PPL 152.68 Increased By ▲ 0.15 (0.1%)
PRL 26.22 Decreased By ▼ -0.36 (-1.35%)
PTC 16.14 Decreased By ▼ -0.12 (-0.74%)
SEARL 85.70 Increased By ▲ 1.56 (1.85%)
TELE 7.67 Decreased By ▼ -0.29 (-3.64%)
TOMCL 36.47 Decreased By ▼ -0.13 (-0.36%)
TPLP 8.79 Increased By ▲ 0.13 (1.5%)
TREET 16.84 Decreased By ▼ -0.82 (-4.64%)
TRG 62.74 Increased By ▲ 4.12 (7.03%)
UNITY 28.20 Increased By ▲ 1.34 (4.99%)
WTL 1.34 Decreased By ▼ -0.04 (-2.9%)
BR100 10,086 Increased By 85.5 (0.85%)
BR30 31,170 Increased By 168.1 (0.54%)
KSE100 94,764 Increased By 571.8 (0.61%)
KSE30 29,410 Increased By 209 (0.72%)

Users of Google smartphone wallets were being warned on February 10 that there is a way to crack pass codes intended to thwart thieves from going on illicit shopping sprees. Zvelo Labs researcher Joshua Rubin was featured in a video at the company's website demonstrating software that quickly figures out a Google Wallet personal identification number (PIN), provided the crook has the smartphone.
Rubin said that Google has been alerted to the vulnerability and is moving swiftly to fix it. He has not made his wallet "Cracker" application public. "Google Wallet allows only five invalid PIN entry attempts before locking the user out," Rubin said in a blog post.
"With this attack, the PIN can be revealed without even a single invalid attempt," he continued. "This completely negates all of the security of this mobile phone payment system."
"Once attackers get your PIN, they have full access to any credit card information stored in the app and they can use your phone to make purchases," McAfee security firm researcher Jimmy Shah said in a blog post.
"As a user of Google Wallet, the main security you see is the PIN," McAfee added. "What makes Wallet easy for you to use now makes it easy for attackers to use; they can now spend your money and credit just as if your phone were an ATM card."
Rubin dismissed the threat of hackers picking Google Wallets remotely, explaining that physical access is needed to get priority access to controls in a process called "rooting."
Security specialists advise Google Wallet users not to "root" smartphones, and to enable security features such as full-disk encryption and screen locks.
Google Wallet is available only on Nexus S and Galaxy Nexus smartphones. Google said it planned to expand the feature to more Android phones.
Google Wallet uses a near field communication (NFC) chip embedded in a phone to allow a user to "tap-and-pay" for purchases at a checkout register equipped with the PayPass system from CitiMasterCard.

Copyright Agence France-Presse, 2012

Comments

Comments are closed.