Hackers about hacking techniques in our IT Security Magazine

Security flaw identified in Google Wallet

Security researchers have uncovered a method of cracking Google Wallets PIN security in just a matter of seconds. The Google Wallet application stores a hash of the PIN, which allowed them to create a matching PIN simply by hashing all 10,000 possible numbers which only took a few seconds. Closer examination of the per-app DB, the metadata table contained three rows with some data in each.

An encrypted file system named id ‘gmad_bytes_are_fun’ was present in the metatable – but why store in the metatable? We are not sure as this encrypted file should have resided in the Secure Element (SE). Some of the data needed parsing but given this was compiled using Google’s own “Protocol Buffers” it wasn’t long before the researchers could uncover the contents of the binary data which included the UUID, GAIA, C2DM, Google Wallet Setup status, TSA, Secure Element (SE) status and most scary of all – the ‘Card Production Lifecycle’ (CPLC).

February 10, 2012

0 Responses on Security flaw identified in Google Wallet"

Add Comment Register



Leave a Message

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>