Wednesday, February 15, 2012

Android Hack: Google confirms threat of Credit Card PIN theft.

Google has been riding on the success of its Android platform, and quality apps have everything to do with it. No doubt, some of the best minds in the business are working on these apps. But there is another category of geniuses: they are called hackers. These hackers always expose one threat or breach or another in the system.

One of them, Joshua Rubin of Zvelo, has come up with an Android hack that finds an Android phone’s Google Wallet PIN. According to experts, the hack is one of the most interesting attacks on Google Wallet so far.

In short, this hack allows access to credit card data and purchase history and could, in theory, allow a hacker to use a Google Wallet freely in the wild. However, it does require the hacker to have unfettered root access to the phone. Using a small program, the exploit simply brute-forces a file found in the phone, thereby revealing the PIN and unlocking the wallet.

Again, the hack requires a rooted Android phone – a state that is trivial to achieve if your phone is stolen – and a bit of know-how.

Andy Rubin, Senior Vice President of Mobile at Google, where he oversees development of Android, an open-source operating system for smartphones, recommends:

Do Not “Root” the Cell Phone – Doing so will be one less step for a thief.
Enable Lock Screens – “Face Unlock,” “Pattern,” “PIN” and “Password” all increase physical security to the device. “Slide,” however, does not.
Disable USB Debugging – When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.
Enable Full Disk Encryption – This will prevent even USB Debugging from bypassing the lock screen.
Maintain Device Up-To-Date – Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.

