Wednesday, February 15, 2012

Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air

Google now says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Still, this leaves one flaw that still needs to be addressed. zvelo is the company that found the exploit. They say that people can use "brute-force" to find out what a users' pin is. Now it should be noted that this is only a problem for rooted devices. Thus, Google says that this is not that much of a problem. zvelo also says that a skilled thief can still steal your phone and then root it, allowing for the brute-force attack. Nevertheless, they are not going to give up until Google makes the pin numbers longer.

No comments:

Post a Comment

Note: This is Blogger's comment system. This system is a backup for when Disqus can't be reached by your computer, such as when your network blocks connections to disqus.com. The comment policy still applies regardless.