Google Wallet's PIN security has been cracked, but there's a caveat -- this currently only is an issue if your phone is rooted. Not rooted? No worries. And with that said and done, here's the deal:
Your Google Wallet PIN (Personal Identification Number) is stored encrypted on your device, and a brute-force method was found to expose the SHA256 hex-encoded PIN information inside the database. This method, which was irresponsibly released to the public, can find the PIN without any incorrect attempts in the Wallet app itself, negating the five-try rule the application has for PIN entry. (See it in action after the break.)
Now here's the not so sexy way to describe it all. You'll need to have a phone with Google Wallet, AND have rooted your device, AND have not set a secure lock screen, AND then lose your phone. The person who finds it THEN can use the app the fellows at zvleo have made and since distributed to brute-force the PIN and THEN can use your phone to make payments, just like they could if they found your credit card, which likely would be quicker and easier than any of this.
Google has been notified and already knows how to fix the issue, but there's a problem. To make it more secure, Google will have to move the PIN information to be controlled and maintained by your bank. This not only will require some changes to the terms of service, but then we're relying on corporate banking institutions to keep our information safe. I'd wager that Citigroup's servers are easier to break into than Google's, and then you have the same issue all over again.
A better way to fix the problem would be to force users to use a better password. PIN information can be cracked so easy because it only uses four numbers. This means that there are only 10,000 possible combinations, and even a portable computer like your Android phone can pull off that sort of brute-force attack. Change the passcode to something like Fgtr5400&d77 -- using a combination of letters, numbers and symbols -- and it's far less likely to be broken, and even less likely to even be used because it's not convenient. It's a Catch-22 -- a PIN is easy to use and remember, but it's also more easy to crack.
I'm not going to tell you to stop using Google Wallet, nor am I going to tell you to stop rooting your phone. I am going to tell you to pick it up, and put a passcode on the lock screen now, before you lose it.
Source: zvelo
Youtube link for mobile viewing
Have you listened to this week's Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
We may earn a commission for purchases using our links. Learn more.
Review: ECOVACS Deebot OZMO U2 Pro is perfect for tackling pesky pet hair
ECOVACS recently released the Deebot OZMO U2 Pro. But is this a robot vacuum worthy of purchasing?
These are the best apps for your Android device — period
It can be difficult to find the "right" app when surfing the Play Store simply due to the sheer number of options available. Regardless of what type of app you're looking for, there's an app that can help make your life easier.
Want an Oculus Quest 2? Here's where to buy one!
The Oculus Quest 2 represents the future of wireless VR gaming systems. Here's where to buy one, and all the accessories you'll need for it, too!
The Xperia 1 II is our favorite phone for shooting video
If video recording is your thing, then look no further than the Sony Xperia 1 II — it offers a large screen, three great cameras, and extremely robust manual video controls.