Vulnerability in Google Wallet allows hackers to gain access to the PIN-code device.
As said the company Zvelo, specializing in developing technologies in the field of IT-security in the payment system Google Wallet contains a vulnerability allowing hackers to gain access to the PIN-code device.
Before the implementation of monetary transaction using Google Wallet, the system requires the user to enter four-digit PIN-code. Researchers at Zvelo found that the PIN-code in the form of hash is stored in the phone memory and it can be decrypted using the brute-force attack. Attackers know that the PIN-code consists of four digits, and is used to encrypt known algorithm SHA256. Accordingly, in order to find the password, they need to go through ten thousand possible hashes and compare them with the fact that stored in the memory device. Judge us by Joshua Rubin said that such calculations are not a problem even for a device such as a smartphone.
Also Zvelo experts noted that the implementation of hacking, hackers need to get root-access to a device that will appeal to that part of the phone memory, where the stored PIN-code. Then, using a special prilodeniya can easily find and choose a hash PIN-code.
Note that at this point the risk of mass attack is small, because the payment system Google Wallet will only work in the U.S. and only on the smartphone Samsung Nexus S 4G, in the version with the contract mobile operator Sprint.