Wednesday, March 14, 2012

Google Wallet, with serious security flaws

The system that promises to become the "digital wallet" par excellence has a long way to go, since it has been demonstrated that it is ridiculously simple to crack.

Google Wallet not only aims to dethrone PayPal, but also to become a replacement for traditional money, managing our purchases through mobile devices. Of course, to do that it should first resolve some extremely basic security flaws, so basic that they are scary.

Indeed, two very serious vulnerabilities have been reported in recent days. The first was reported on zveloBLOG and allows the PIN of the service to be obtained by applying brute-force techniques. This technique requires that the phone be "rooted", meaning that we have access to it with administrator privileges, which is not too hard to do. A user who roots their own phone is without a doubt more exposed, but even if they have not, a potential thief could also root the device and get the PIN by brute force.

The second vulnerability is far more serious than the first, because it can be exploited directly through the Google Wallet interface itself, and in a ridiculously simple way. As shown in the video we published, it is enough to simply delete the Google Wallet data, reboot and enter a new PIN, which will give us access to the bank funds managed by the application.

We really cannot believe that a system that supposedly aims to manage the money of millions of people presents such basic security flaws. And much less when it comes from a company that is full of programmers of presumed excellence, or who at least know precisely how many golf balls fit in a school bus.

1 comment:

  1. That's pretty crazy. First time I've heard of the "Digital Wallet" concept. It's nice to see that's the new road we're headed towards in technology. It's about time that the US did this. Japan has already been using a similar pay-anywhere-with-your-phone thing for years now.