It looks like Google Wallet’s PIN security has been cracked on rooted devices, although if your Android device is not rooted then the security on the Google Wallet Pin seems to be fine.
The PIN for Google Wallet is stored encrypted on your Android devices, and a method has been discovered to reveal the SHA256 hex encoded PIN information, which enables the PIN to be discovered, the crack was discovered by the guys from Zvelo.
Google has been apparently been notified about the issue, and is working on a fix, although this may involve some changes to the way Google Wallet works, and also the terms of service of Google Wallet, the video below shows the crack in action.
This is only going to be a problem if you actually lose your Android device, and if it is rooted, although if you have a passcode on your Android device lock screen then it should be harder for anyone to crack Google wallet.
You can find out more information about the security crack on Google Wallet, and what it means if you have a rooted Android device over at Android Central.
Updated 11th February 2012
Google has now releases a further statement on Google wallet and the security involved with it.
First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.
0 comments