
Hackers use brute force attack, crack Google Wallet PIN with ease
Anjum Dhir Kulkarni
Using a brute force attack, hackers have been able to compromise Google Wallet’s security
Published on Feb 10, 2012
Hackers over at Zvelo have forced users of Google Wallet to rethink the security of the service. Using a brute force attack, they have been able to crack the PIN on a handset within minutes. To demonstrate the vulnerability of Google Wallet, they have uploaded a video of the crack.
The demonstrator in the video that TalkAndroid got its hands on accesses Google Wallet on the phone through a PIN and then uses a ‘Wall Cracker’ app to read the PIN that he entered. Next, he goes into the settings of Google Wallet and changes the PIN. He then demonstrates how easy it is to gain access to the new PIN simply by running the Wall Cracker app.
Google Wallet stores a user’s PIN in a database on his/her phone. Because the PIN is kept there as a hex-encoded SHA256 hash, it is vulnerable to a brute force attack: anyone who can read the stored value can hash one candidate PIN after another until the result matches. The search can be carried out by a smartphone within minutes, as demonstrated in the Zvelo video.
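The weakness described above, as an added example that is not code from Zvelo, Google or the original article: it counts the guesses an offline search needs once the hash is readable, then shows the same hash behind a verifier that hides it and locks after repeated failures. The four-digit PIN length, the salt-plus-PIN layout and every name here are assumptions made for illustration.

```python
import hashlib
import hmac
import os

DIGITS = 4  # assumption: the article does not state the PIN length


def pin_hash(pin: str, salt: bytes) -> str:
    """Constructed stand-in for the stored value: hex-encoded SHA-256 of salt + PIN."""
    return hashlib.sha256(salt + pin.encode()).hexdigest()


def offline_guesses(stored: str, salt: bytes, digits: int = DIGITS):
    """Return how many guesses recover the PIN when the hash is readable, else None."""
    for n in range(10 ** digits):
        if hmac.compare_digest(pin_hash(f"{n:0{digits}d}", salt), stored):
            return n + 1
    return None


class LimitedVerifier:
    """Same hash, but kept where callers cannot read it, with a failure counter."""

    def __init__(self, pin: str, max_failures: int = 5):
        self._salt = os.urandom(16)
        self._stored = pin_hash(pin, self._salt)
        self._max = max_failures
        self._failures = 0

    def verify(self, guess: str) -> bool:
        if self._failures >= self._max:
            raise PermissionError("PIN locked after repeated failures")
        if hmac.compare_digest(pin_hash(guess, self._salt), self._stored):
            self._failures = 0
            return True
        self._failures += 1
        return False


def guesses_before_lockout(verifier: LimitedVerifier, digits: int = DIGITS) -> int:
    """Count how many sequential guesses the verifier evaluates before locking."""
    tried = 0
    try:
        for n in range(10 ** digits):
            tried += 1
            if verifier.verify(f"{n:0{digits}d}"):
                break
    except PermissionError:
        tried -= 1  # the last call was refused, not evaluated
    return tried
```

The hash function is identical in both halves; what changes the outcome is whether the stored value can be read and tested without any limit on attempts.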
Zvelo’s efforts have shaken up users of Google Wallet. However, there are ways to safeguard one’s handset against a possible hack. The most important safeguard is to strengthen the phone’s lock screen security by configuring a secure pass code. This pass code could be in the form of face recognition, a PIN, etc. Rooted phones are at greater risk of such an attack. If possible, users can un-root their phones.
Of course, a handset is most vulnerable in the hands of a stranger, when it is lost or stolen. Users running Google Wallet on their phones will do well to treat it the way they treat their credit cards and keep it safe and secure and with them at all times.





