Google’s ambitious endeavor to become a major force in the emerging industry of mobile commerce has been going well. The company’s Google Wallet mobile payment application has been well received amongst consumers with NFC-enabled smart phones. There may be a problem, however, with the security of Google’s system. The acclaimed technology company has been adamant in their claims that NFC transactions with Google Wallet are entirely safe, as the application boasts of a number of high-end security features. It seems that Google did not account for hackers using brute force to gain access to the financial information of Wallet users.
Zvelo, a technology and research company with more than 150 software engineers on staff, have found a significant problem with the way Google’s Wallet system works. Whenever a purchase is made using the app, users will have to input a four-digit PIN to complete the transaction. This is a typical security feature, but what is less typical is the fact that the Wallet system saves this number to the phone it is installed on. The number is encrypted but that does not usually present much of a challenge to tenacious hackers. Zvelo researchers were able to use brute force to decrypt the pin in a little over a second.
Brute force programs are not uncommon tools for hackers. They are simple – hence the name – and effective programs. Google has touted the security of its system in the past, but with the Wallet being compromised so easily by a simple program, the company will have to rethink its approach to security.