Google is reportedly aware of and working to fix a major security issue relating to its Google Wallet service on rooted Android phones.
Updated with Google’s response below.
A video posted by Zvelo (via 9to5Google) shows that the PIN verification system on rooted devices that carry Google Wallet can be cracked using an app that is freely available online.
Zvelo said on Wednesday that it immediately reported its findings to Google, which “agreed to work quickly to resolve it”. However, the company says that Google “ran into obstacles”, which means that it has yet to release a fixed version of the app.
If you’re running a rooted version of Android, you should tread carefully until Google releases a fix for the problem. The PIN verification system can be overridden easily, even after the PIN is changed.
We’ve contacted Google for comment on the issue and will update the post with any feedback we receive.
Update: Google has provided The Next Web with a statement; however, there is no mention of whether it is working on a fix, which Zvelo claims has since stalled.
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.

I don't know much about Android phones, but why does this only apply to rooted phones?
Google needs to fix not just this flaw, but they need to fix their latest update which now doesn't work with the Secure Element in the phone if your phone is rooted.
That is way more important to me than some password finder-outer that is hard to find online, has to be side loaded, and then run. If the secure element on the rooted phone doesn't work, the app doesn't work, if the app doesn't work, one can't charge up anything anyway. So the whole system is based on a flaw that doesn't really matter since the secure element no longer works with Google Wallet...
See what I mean.
Just to clarify, you only need to worry if you have a device with Google Wallet, AND you have rooted your device, AND have not set up a lock screen, AND lost your phone. THEN, the person who finds it needs to use a specific app to force-brute your PIN number, THEN they can use your credit card - just like they could if they had found your plastic credit card (which turns out, remains the quicker way to steal your credit card).