-
Google Wallet PIN
Google Wallet PIN can be cracked in seconds. Link 1
Turns out it's not necessary to decrypt the PIN, or even hack into Google's Wallet, just ask the phone nicely and it will let anyone root through its innards. Link 2
-
Hammerhead Shark
Yeah I heard about this story yesterday and I would be concerned if I were using it. I do question Google's testing process if something like this isn't noticed. Maybe it was noticed and hope but they let it through anyways.
Antec Three Hundred Two | Intel DP67BA | Intel 2600k | Corsair CWCH60 | CORSAIR Vengeance 16GB (PC3-12800) | PNY GTX 580 | Samsung 830 256GB SSD | WD RE4 2TB (WD2002FYPS) | Asus Xonar DG Sound | LG Blu-Ray Burner | Windows 7 Ultimate x64
Work:
Macbook Pro 15" Retina Display | 8GB Ram | 256GB SSD | Mac OS 10.8
-
LOLWUT
I don't get all the Google Wallet stuff to be honest. NFC has been around in the form of RFID chips on credit cards for years now and most businesses haven't adopted it. The only two places I can think of are NYC cabs and Whole Foods…and Duane Reade.
I don't understand why credit card companies don't just create little RFID sticker versions of your card that you can just attach to any phone. I opened a second American Express card, cut it up, and put the RFID tag in the battery compartment to my old BlackBerry when I lived in NYC and used it to swipe in cabs. The only advantage to Google Wallet would be if you have multiple credit cards…I don't know, just doesn't seem worth it.
IMO, the best implementation of a wireless payment system I've seen so far is a service called Uber that provides private cabs in major cities. You sign up and attach a credit card to your account. When you use the service, it just automatically bills you. No user interaction is required after you've ordered the cab. No fumbling around with a phone trying to get it to scan. Just walk out of the cab and you get an email a few minutes later with the receipt. Square is doing a similar thing, although it's not quite as fluid.
-
I don't roll on Shabbos!
It isn't as grim as it seems. The phone must be rooted and it is only available if you physically have the phone. So people that have their phone stolen specifically for this purpose may be in for the same experience as having their wallet stolen. The transaction between the cashier and the phone is still secure.
I am wary of putting any personal information on my cell phone. People that are entering credit card information and such are more trusting than me.
Is there a reason Google can't require an 8-12 digit alphanumeric password? No way could a phone crack that. It would take weeks-years.
8 digit alphanumeric password = ~200 Trillion possibilities
Last edited by Timman_24; 02-11-2012 at 04:27 PM.
PC: Corsair 550D
4280k | Asus Rampage Gene | Mushkin 4x4GB | EVGA 780
Intel 120GB SSD + 2TB Seagate | Seasonic 660 Plat
2x Alphacool XT45 | Laing DDC | Bitspower
Currently playing: Civ 5
Last Game Beaten: Walking Dead
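The keyspace comparison raised in the post above, worked through as an added example (not part of the original thread): it measures how many derivations per second the local machine manages for a fast salted hash and for a slow KDF, then estimates worst-case offline search time for a 4-digit PIN and an 8-character alphanumeric password. The hash choices and the PBKDF2 iteration count are assumptions for illustration, not a description of how Google Wallet stores its PIN.

```python
import hashlib
import os
import time

DIGITS = 10   # symbols 0-9
ALNUM = 62    # a-z, A-Z, 0-9

def keyspace(alphabet_size, length):
    """Number of distinct secrets of exactly `length` symbols."""
    return alphabet_size ** length

def fast_hash(secret, salt):
    # Single salted SHA-256: cheap to verify, equally cheap to guess against.
    return hashlib.sha256(salt + secret).digest()

def slow_kdf(secret, salt):
    # PBKDF2 with 100,000 iterations (count is an assumption for the demo).
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def measure_rate(derive, seconds=0.2):
    """Derivations per second on one core of this machine."""
    salt = os.urandom(16)          # constructed sample salt
    count = 0
    start = time.perf_counter()
    while time.perf_counter() - start < seconds:
        derive(str(count).encode(), salt)
        count += 1
    return count / (time.perf_counter() - start)

def worst_case_seconds(space, rate):
    """Time to try every candidate at `rate` guesses per second."""
    return space / rate

def report():
    """Rows of (scheme, secret type, keyspace, worst-case seconds)."""
    rows = []
    secrets = (("4-digit PIN", keyspace(DIGITS, 4)),
               ("8-char alphanumeric", keyspace(ALNUM, 8)))
    for scheme, derive in (("salted SHA-256", fast_hash),
                           ("PBKDF2 100k", slow_kdf)):
        rate = measure_rate(derive)
        for label, space in secrets:
            rows.append((scheme, label, space, worst_case_seconds(space, rate)))
    return rows

if __name__ == "__main__":
    for scheme, label, space, secs in report():
        print(f"{scheme:15} {label:20} {space:>19,} guesses {secs:>18,.1f} s")
```

The PIN rows stay bounded by 10,000 derivations whichever function is used, so a slow KDF alone does not make a 4-digit secret stored on the device resistant to offline search; the longer password changes the keyspace itself.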
-
LOLWUT
Originally Posted by Timman_24
It isn't as grim as it seems. The phone must be rooted and it is only available if you physically have the phone. So people that have their phone stolen specifically for this purpose may be in for the same experience as having their wallet stolen. The transaction between the cashier and the phone is still secure.
I am wary of putting any personal information on my cell phone. People that are entering credit card information and such are more trusting than me.
Is there a reason Google can't require an 8-12 digit alphanumeric password? No way could a phone crack that. It would take weeks-years.
8 digit alphanumeric password = ~200 Trillion possibilities
If you physically get a hold of someone's phone, it's unlikely that any password will save you. That's the reason that they just do four-digit PINs. The PIN keeps out the noobs.
Once someone physically gets their hands on your device, any device, it's pretty much game over unless you have a secondary method of authentication and the first method can be revoked.
The only way a device with a single password could be considered "secure" is if the entire disk is encrypted with a strong password. If it isn't, it's likely someone will be able to piece your password together or find an exploit. Or hell…just trigger a password reset. I mean, you can see their email.
Last edited by ImaNihilist; 02-11-2012 at 04:38 PM.
-
I don't roll on Shabbos!
Originally Posted by ImaNihilist
If you physically get a hold of someone's phone, it's unlikely that any password will save you. That's the reason that they just do four-digit PINs. The PIN keeps out the noobs.
Once someone physically gets their hands on your device, any device, it's pretty much game over unless you have a secondary method of authentication and the first method can be revoked.
The only way a device with a single password could be considered "secure" is if the entire disk is encrypted with a strong password. If it isn't, it's likely someone will be able to piece your password together or find an exploit. Or hell…just trigger a password reset. I mean, you can see their email.
Perhaps if they have to query a Google server to initiate a transaction or view information? Not having the info stored on the actual device would make a difference. You would have to have access to 3G/Wifi though, but practically anyone that would be using this would have that (I doubt a gas station in the boonies would have a Google Wallet till lol.)
-
So...
Did anybody notice the second issue that came up yesterday in the news?
You get someone's phone, reset the NFC payment information, and re-set it up with a new PIN code. It auto-associates with the same account again, this time with the new code. Pretty serious issue if you ask me.
Last edited by James; 02-11-2012 at 05:51 PM.
Crusader for the 64-bit Era.
New Rule: 2GB per core, minimum.
Intel i7-9700K | Asrock Z390 Phantom Gaming ITX | Samsung 970 Evo 2TB SSD
64GB DDR4-2666 Samsung | EVGA RTX 2070 Black edition
Fractal Arc Midi |Seasonic X650 PSU | Klipsch ProMedia 5.1 Ultra | Windows 10 Pro x64