Incidents

Will the PIN hacks be the end of Google Wallet?

Last week researchers found vulnerabilities in the Google Wallet payment system. The first was found by Zvelo and required root access. Rooting devices has become just short of trivial at this point, given the availability of “one-click root” applications for most platforms. The vulnerability was leveraged to display the current PIN. The very next day a new vulnerability was discovered in how the Wallet app handles its application data. In this case no root access is needed; as thesmartphonechamp demonstrated, this is simply a flaw in how the application works. Assuming a Google Prepaid card has been set up, a user can navigate to the application management interface and delete the application data for Google Wallet. On returning to the app’s interface, the user is prompted to set up a new PIN. The flaw is that the Google Prepaid card data persists. After establishing a new PIN, the attacker is free to use the prepaid card as though it were their own.
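The reset flaw and one way to close it, modelled in a constructed toy (this is added illustration code, not Google Wallet's code): the storage layout, the card token and the PIN-wrapping scheme are all assumptions. The vulnerable class keeps the PIN check in clearable app data while the card survives elsewhere; the hardened class stores the card wrapped under a PIN-derived key whose salt lives in the same clearable app data, so clearing it leaves the card unusable until the issuer re-provisions it.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a provisioned prepaid card credential (not real data).
CARD = b"constructed-prepaid-card-token"


def _pin_hash(pin: str) -> bytes:
    return hashlib.sha256(pin.encode()).digest()


class VulnerableWallet:
    """PIN check lives in clearable app data; the card lives in persistent storage
    standing in for the Secure Element. Clearing app data forgets the PIN but keeps
    the card, so whoever sets the next PIN can pay with it."""
    def __init__(self, pin: str):
        self.app_data = {"pin_hash": _pin_hash(pin)}
        self.persistent = {"card": CARD}

    def clear_app_data(self) -> None:
        self.app_data = {}  # what "Clear data" in Android's app settings does

    def set_pin_if_missing(self, pin: str) -> None:
        if "pin_hash" not in self.app_data:  # app sees a first run, asks for a PIN
            self.app_data["pin_hash"] = _pin_hash(pin)

    def pay(self, pin: str):
        if hmac.compare_digest(self.app_data.get("pin_hash", b""), _pin_hash(pin)):
            return self.persistent.get("card")
        return None


class HardenedWallet(VulnerableWallet):
    """Card is stored wrapped under a key derived from the PIN and a salt kept in app
    data (toy XOR keystream; real code would use an AEAD). Clearing app data destroys
    the salt, so no new PIN can unwrap the old card: re-provisioning is required."""
    def __init__(self, pin: str):
        self.app_data = {"salt": os.urandom(16)}
        key = self._key(pin)
        self.persistent = {"card": bytes(a ^ b for a, b in zip(CARD, key)),
                           "verifier": hashlib.sha256(key).digest()}

    def _key(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.app_data["salt"],
                                   100_000, dklen=len(CARD))

    def set_pin_if_missing(self, pin: str) -> None:
        if "salt" not in self.app_data:
            self.app_data["salt"] = os.urandom(16)  # fresh salt: old card is unreachable

    def pay(self, pin: str):
        if "salt" not in self.app_data:
            return None
        key = self._key(pin)
        if hmac.compare_digest(self.persistent["verifier"], hashlib.sha256(key).digest()):
            return bytes(a ^ b for a, b in zip(self.persistent["card"], key))
        return None  # wrong PIN, or app data was cleared since provisioning
```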

I believe that once you attach credit card data to a platform, you can expect the interest from attackers to grow exponentially. We’ve already seen banking malware developed for Android, and once Google Wallet becomes ubiquitous across all Android devices, we can expect to see a lot more.

I expect these to be just the beginning of a scavenger hunt for Google Wallet vulnerabilities, especially given the amount of financial backing Google has put behind this initiative. Finance firms Mastercard and Citi are just a few of the growing list of partners. Will the PIN hack be the end of Google Wallet? Certainly not. We’ve just entered a transitional phase where the cash register is moving from the store front into your pocket. And while the Secure Element technology offers a lot of security through encryption of your data, if the interface can be beaten, all that math goes to waste.
