• LOGIN
  • No products in the cart.

Security flaw identified in Google Wallet

Security researchers have uncovered a method of cracking Google Wallets PIN security in just a matter of seconds. The Google Wallet application stores a hash of the PIN, which allowed them to create a matching PIN simply by hashing all 10,000 possible numbers which only took a few seconds. Closer examination of the per-app DB, the metadata table contained three rows with some data in each.

An encrypted file system named id ‘gmad_bytes_are_fun’ was present in the metatable – but why store in the metatable? We are not sure as this encrypted file should have resided in the Secure Element (SE). Some of the data needed parsing but given this was compiled using Google’s own “Protocol Buffers” it wasn’t long before the researchers could uncover the contents of the binary data which included the UUID, GAIA, C2DM, Google Wallet Setup status, TSA, Secure Element (SE) status and most scary of all – the ‘Card Production Lifecycle’ (CPLC).

February 10, 2012

Leave a Reply

avatar
  Subscribe  
Notify of

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013

Privacy Preference Center

Necessary

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

_global_lucky_opt_out, _lo_np_, _lo_cid, _lo_uid, _lo_rid, _lo_v, __lotr, _ga, _gid, _gat, AMP_TOKEN, _gac_, __utma, __utmt, __utmb, __utmc, __utmz, __utmv, __utmx, __utmxx, _gaexp