Google Wallet Hacked Again: This time it's scarier - simple and no root needed

Discussion in 'Android News' started by dgstorm, Feb 10, 2012.

  1. dgstorm

    dgstorm Editor in Chief Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    10,248
    Likes Received:
    3,536
    Trophy Points:
    823
    Location:
    Austin, TX
    Ratings:
    +3,765

    Security systems seem to fall quickly with today's tech, but this particular bit of news makes you wonder how such an obvious design flaw made it past Google to begin with. Just one day after we found out about an exploit in Google Wallet that would allow a phone thief to "brute force" hack his way into your mobile wallet account, a far easier method than the previous one has been discovered. In fact, this easier method doesn't even require your phone to be rooted, nor does it require the thief to be very tech-savvy at all. Here's a quote from the Talk Android article with the details,

    That's pretty scary, and what is even more scary is that this has been confirmed by multiple sources, and Google even issued a statement on the issue,

    You can see the exploit in action in the video above. Hmmm... if I wanted to use the Google Wallet service, I think I would consider waiting until Google worked out a fix for this. What do you guys think?

    Source: Android.net via TalkAndroid
     
  2. syndicate0017

    syndicate0017 Silver Member

    Joined:
    Feb 2, 2011
    Messages:
    2,007
    Likes Received:
    48
    Trophy Points:
    113
    Ratings:
    +48
    I stated in a thread about this last night that its really not a big deal. Its still safer than losing your wallet. Plus if my phone is lost/stolen, first thing I'm doing is reporting it to Verizon who will block all phone and data access on the device rendering Google wallet useless anyway.

    Sent from my Galaxy Nexus using Tapatalk
     
  3. 2THEXTRM

    2THEXTRM Member

    Joined:
    Nov 4, 2011
    Messages:
    505
    Likes Received:
    6
    Trophy Points:
    18
    Location:
    Central New York
    Ratings:
    +6
    I dont even keep the paypal app on my phone. Google offering $10 to open an account shows how eager they were to get into the electronic funds biz. Their greed apparently outweighed the security issues of their clients. Glad i dont have a phone capable of using wallet.

    Sent from my VTAB1008 using DroidForums
     
  4. Dusty

    Dusty Premium Member Premium Member

    Joined:
    Jan 13, 2010
    Messages:
    1,092
    Likes Received:
    372
    Trophy Points:
    198
    Location:
    DC/NoVA
    Ratings:
    +456
    Current Phone Model:
    Nexus 6
    So, once again the lesson to the story is...


    PUT A LOCK SCREEN ON YOUR JUNK.

    Seems to be some type of a pattern here. Hmmm.
    I mean, seriously!? How hard is it for people to understand that if you are going to use your device as a sensitive information access point you may want to AT LEAST lock the front door!
     
    Last edited: Feb 10, 2012
  5. dgstorm

    dgstorm Editor in Chief Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    10,248
    Likes Received:
    3,536
    Trophy Points:
    823
    Location:
    Austin, TX
    Ratings:
    +3,765
    This is very wise advice! And, as you pointed out... it should be obvious.
     
  6. akhenax

    akhenax Senior Member

    Joined:
    Jul 13, 2010
    Messages:
    1,476
    Likes Received:
    276
    Trophy Points:
    83
    Location:
    NY
    Ratings:
    +358
    I find it hilarious that users were complaining and hacking their devices and concocting an install process to install Google Wallet.

    I never thought I would say this, but Big Red was right all along.:blink:
     
  7. sb1831

    sb1831 Member

    Joined:
    Oct 6, 2010
    Messages:
    428
    Likes Received:
    4
    Trophy Points:
    18
    Ratings:
    +4
    True. I remember when everyone was pissed because they thought they Galaxy Nexus was being delays because of Google Wallet. It turns out the app has no place on a phone to begin with and VZW was right.
     
  8. wolstonc

    wolstonc Member

    Joined:
    Oct 14, 2011
    Messages:
    234
    Likes Received:
    6
    Trophy Points:
    18
    Ratings:
    +6
    Its harder to install Google wallet than it is to hack it. But I still wouldn't call vzw right. They had no idea of this when they decided to block it

    Sent from my Galaxy Nexus using DroidForums
     
  9. Dusty

    Dusty Premium Member Premium Member

    Joined:
    Jan 13, 2010
    Messages:
    1,092
    Likes Received:
    372
    Trophy Points:
    198
    Location:
    DC/NoVA
    Ratings:
    +456
    Current Phone Model:
    Nexus 6
    I'd be willing to bet the rest of the money I make for the rest of the year that the primary reason VZW was against Google Wallet was because they didn't get a cut in the action. They spend more time and money in trying to lure you into using their bloat than security measures.
     
  10. syndicate0017

    syndicate0017 Silver Member

    Joined:
    Feb 2, 2011
    Messages:
    2,007
    Likes Received:
    48
    Trophy Points:
    113
    Ratings:
    +48
    Exactly. It has nothing to do with a "design flaw" that is easily counteracted by being pro-active and de-activating your phone in the event it's lost or stolen. That's why VZW is trying to create a wallet-like app of their own. They don't get a cut out of Google Wallet.
     
    Last edited: Feb 10, 2012
  11. akhenax

    akhenax Senior Member

    Joined:
    Jul 13, 2010
    Messages:
    1,476
    Likes Received:
    276
    Trophy Points:
    83
    Location:
    NY
    Ratings:
    +358
    Is it better to be right for the wrong reason, or wrong for the right reason?
     
  12. ænyoc

    ænyoc Member

    Joined:
    Jul 23, 2010
    Messages:
    179
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    A lockscreen actually won't help. Simply reflash the rom (or any rom, or even stock odin), install GW and re-initialize it. Your previous funds will be there (or if you have nefarious reasons, the original owner's funds). Your GW account isn't tied to your gmail account. It's tied to your phone's nfc chip. Doesn't matter what email address you use to log into GW with, the same funds will be there.

    I learned this when I had to return my original GNex. Setup GW on the new phone and my funds from my original GW account were unavailable and they gave me a new $10, even though I used the same email address. Wiped and reflashed, this time logged in with a different account thinking I'd recoup the $20 that was on my original account ($10 for each activation). No such luck, even though I used a different email address on a fresh rom. It pulled up the same card I had with my other email address... and the $10 was still there. If you sell/gift/lose/return/part with your phone, call them and have them deactivate your GW account.
     
Search tags for this page
android google wallet hack apk
,
does google wallet support htc thunderbolt
,

google wallet hack apk

,
google wallet hack apk root
,

google wallet hack no root

,
google wallet hacked apk
,
google wallet money hack apk
,
hack google wallet android without root
,
hacked google wallet account
,
useless google wallet accounts