Google has released an update for its payment service Wallet, allowing attackers are not easily able to access the account. A “brute-force” hack on rooted Android devices is, however, possible.
According to the internetgigant can users of prepaid cards to link their Wallet account. Rather, it proved possible to gain access to other people’s Wallet account by the application data to throw away and own a prepaid card to link. With the released software update it is impossible to have an existing prepaid card to link to someone else’s Wallet-account. This seems to Google, however, is not the problem to have been corrected with the disposal of the application data, the pin code is reset.
Also it is possible to retrieve the code by a brute-force attack that was recently published. On a device with root is the hash of the pin code read out, after which the pin is obsolete can be generated hashes, piece by piece, to compare with that of the pin. Google indicates that its Wallet app is not intended for use on rooted Android devices, and claims that there is insofar as known no abuses. It seems, therefore, that the internetgigant for this problem, no fix is going to bring. Therefore it is not excluded that there is another way is found to make the money what a user already has on his Wallet-account, had been to scam.
Wallet is the mobile payment service from Google and works for the time being only in a few stores in the United States. If and when the service in the Netherlands is going to be launched, is unclear.