Google’s ambitious endeavor to become a major force in the emerging industry of mobile commerce has been going well. The company’s Google Wallet mobile payment application has been well received amongst consumers with NFC-enabled smart phones. There may be a problem, however, with the security of Google’s system. The acclaimed technology company has been adamant in their claims that NFC transactions with Google Wallet are entirely safe, as the application boasts of a number of high-end security features. It seems that Google did not account for hackers using brute force to gain access to the financial information of Wallet users.
Zvelo, a technology and research company with more than 150 software engineers on staff, have found a significant problem with the way Google’s Wallet system works. Whenever a purchase is made using the app, users will have to input a four-digit PIN to complete the transaction. This is a typical security feature, but what is less typical is the fact that the Wallet system saves this number to the phone it is installed on. The number is encrypted but that does not usually present much of a challenge to tenacious hackers. Zvelo researchers were able to use brute force to decrypt the pin in a little over a second.
Brute force programs are not uncommon tools for hackers. They are simple – hence the name – and effective programs. Google has touted the security of its system in the past, but with the Wallet being compromised so easily by a simple program, the company will have to rethink its approach to security.
Filed under: Featured News, Mobile Commerce, Mobile Commerce Security, Mobile Payments, Near Field Communications · Tags: android mobile security, antivirus for mobile, best mobile security, brute force hackers, brute force programs, google mobile payments, google wallet, google wallet security, hacking google wallet, hacking program, lookout mobile security android, lookout mobile security review, mobile application security, mobile banking security, mobile commerce security, mobile computing security, mobile data security, mobile device security, mobile encryption, mobile network security, mobile payment security, mobile payments, mobile phone security, mobile phone security software, mobile secure, mobile security, mobile security android, mobile security applications, mobile security device, mobile security products, mobile security software, mobile security solutions, mobile security system, mobile security systems, mobile web security, mobile wireless security, office security, online security, secure mobile, security mobile, wavesecure mobile security, windows mobile security