Wednesday, February 15, 2012
Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air
Google now says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Still, this leaves one flaw that still needs to be addressed. zvelo is the company that found the exploit. They say that people can use "brute-force" to find out what a users' pin is. Now it should be noted that this is only a problem for rooted devices. Thus, Google says that this is not that much of a problem. zvelo also says that a skilled thief can still steal your phone and then root it, allowing for the brute-force attack. Nevertheless, they are not going to give up until Google makes the pin numbers longer.