A significant security vulnerability in the Google Wallet mobile payment system has been exposed by a senior engineer at zvelo, a provider of website categorisation, URL database and malicious website detection solutions for the OEM (Original Equipment Manufacturer) market. Using a brute-force attack (i.e. an exhaustive numerical search), the engineer, Josh Rubin, managed to crack and expose the wallet’s 4-digit PIN, which is used to authorise and process mobile phone payments. zvelo says the hack was possible because the PIN verification is stored on the phone itself, which isn’t particularly secure. zvelo reported the issue immediately to Google, which checked and confirmed the vulnerability and has started taking steps to resolve it. According to zvelo, this can only be done by transferring the PIN verification to the Secure Element (SE) or the NFC chip. Google emphasises that only rooted phones are vulnerable and they “strongly encourage people not to install Google Wallet on rooted devices.” Google Wallet is currently only available on the NFC-enabled Samsung Galaxy Nexus.