Google Wallet Hacked Again: This time it's scarier - simple and no root needed

Discussion in 'Android News' started by dgstorm, Feb 10, 2012.

  1. dgstorm
    Online

    dgstorm Editor in Chief Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    7,754
    Likes Received:
    1,699
    Trophy Points:
    258
    Location:
    Austin, TX
    Ratings:
    +1,728

    Security systems seem to fall quickly with today's tech, but this particular bit of news makes you wonder how such an obvious design flaw made it past Google to begin with. Just one day after we found out about an exploit in Google Wallet that would allow a phone thief to "brute force" hack his way into your mobile wallet account, a far easier method than the previous one has been discovered. In fact, this easier method doesn't even require your phone to be rooted, nor does it require the thief to be very tech-savvy at all. Here's a quote from the Talk Android article with the details,

    That's pretty scary, and what is even more scary is that this has been confirmed by multiple sources, and Google even issued a statement on the issue,

    You can see the exploit in action in the video above. Hmmm... if I wanted to use the Google Wallet service, I think I would consider waiting until Google worked out a fix for this. What do you guys think?

    Source: Android.net via TalkAndroid
     
  2. syndicate0017
    Offline

    syndicate0017 Silver Member

    Joined:
    Feb 2, 2011
    Messages:
    2,007
    Likes Received:
    48
    Trophy Points:
    113
    Ratings:
    +48
    I stated in a thread about this last night that its really not a big deal. Its still safer than losing your wallet. Plus if my phone is lost/stolen, first thing I'm doing is reporting it to Verizon who will block all phone and data access on the device rendering Google wallet useless anyway.

    Sent from my Galaxy Nexus using Tapatalk
     
  3. 2THEXTRM
    Online

    2THEXTRM Member

    Joined:
    Nov 4, 2011
    Messages:
    506
    Likes Received:
    6
    Trophy Points:
    18
    Location:
    Central New York
    Ratings:
    +6
    I dont even keep the paypal app on my phone. Google offering $10 to open an account shows how eager they were to get into the electronic funds biz. Their greed apparently outweighed the security issues of their clients. Glad i dont have a phone capable of using wallet.

    Sent from my VTAB1008 using DroidForums
     
  4. Dusty
    Online

    Dusty Premium Member Premium Member

    Joined:
    Jan 13, 2010
    Messages:
    912
    Likes Received:
    231
    Trophy Points:
    43
    Location:
    DC/NoVA
    Ratings:
    +245
    Current Phone Model:
    Nexus 6
    So, once again the lesson to the story is...


    PUT A LOCK SCREEN ON YOUR JUNK.

    Seems to be some type of a pattern here. Hmmm.
    I mean, seriously!? How hard is it for people to understand that if you are going to use your device as a sensitive information access point you may want to AT LEAST lock the front door!
     
    Last edited: Feb 10, 2012
  5. dgstorm
    Online

    dgstorm Editor in Chief Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    7,754
    Likes Received:
    1,699
    Trophy Points:
    258
    Location:
    Austin, TX
    Ratings:
    +1,728
    This is very wise advice! And, as you pointed out... it should be obvious.
     
  6. akhenax
    Offline

    akhenax Senior Member

    Joined:
    Jul 13, 2010
    Messages:
    1,171
    Likes Received:
    129
    Trophy Points:
    63
    Location:
    NY
    Ratings:
    +130
    I find it hilarious that users were complaining and hacking their devices and concocting an install process to install Google Wallet.

    I never thought I would say this, but Big Red was right all along.:blink:
     
  7. sb1831
    Offline

    sb1831 Member

    Joined:
    Oct 6, 2010
    Messages:
    428
    Likes Received:
    4
    Trophy Points:
    18
    Ratings:
    +4
    True. I remember when everyone was pissed because they thought they Galaxy Nexus was being delays because of Google Wallet. It turns out the app has no place on a phone to begin with and VZW was right.
     
  8. wolstonc
    Offline

    wolstonc Member

    Joined:
    Oct 14, 2011
    Messages:
    234
    Likes Received:
    6
    Trophy Points:
    18
    Ratings:
    +6
    Its harder to install Google wallet than it is to hack it. But I still wouldn't call vzw right. They had no idea of this when they decided to block it

    Sent from my Galaxy Nexus using DroidForums
     
  9. Dusty
    Online

    Dusty Premium Member Premium Member

    Joined:
    Jan 13, 2010
    Messages:
    912
    Likes Received:
    231
    Trophy Points:
    43
    Location:
    DC/NoVA
    Ratings:
    +245
    Current Phone Model:
    Nexus 6
    I'd be willing to bet the rest of the money I make for the rest of the year that the primary reason VZW was against Google Wallet was because they didn't get a cut in the action. They spend more time and money in trying to lure you into using their bloat than security measures.
     
  10. syndicate0017
    Offline

    syndicate0017 Silver Member

    Joined:
    Feb 2, 2011
    Messages:
    2,007
    Likes Received:
    48
    Trophy Points:
    113
    Ratings:
    +48
    Exactly. It has nothing to do with a "design flaw" that is easily counteracted by being pro-active and de-activating your phone in the event it's lost or stolen. That's why VZW is trying to create a wallet-like app of their own. They don't get a cut out of Google Wallet.
     
    Last edited: Feb 10, 2012
  11. akhenax
    Offline

    akhenax Senior Member

    Joined:
    Jul 13, 2010
    Messages:
    1,171
    Likes Received:
    129
    Trophy Points:
    63
    Location:
    NY
    Ratings:
    +130
    Is it better to be right for the wrong reason, or wrong for the right reason?
     
  12. ænyoc
    Offline

    ænyoc Member

    Joined:
    Jul 23, 2010
    Messages:
    179
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    A lockscreen actually won't help. Simply reflash the rom (or any rom, or even stock odin), install GW and re-initialize it. Your previous funds will be there (or if you have nefarious reasons, the original owner's funds). Your GW account isn't tied to your gmail account. It's tied to your phone's nfc chip. Doesn't matter what email address you use to log into GW with, the same funds will be there.

    I learned this when I had to return my original GNex. Setup GW on the new phone and my funds from my original GW account were unavailable and they gave me a new $10, even though I used the same email address. Wiped and reflashed, this time logged in with a different account thinking I'd recoup the $20 that was on my original account ($10 for each activation). No such luck, even though I used a different email address on a fresh rom. It pulled up the same card I had with my other email address... and the $10 was still there. If you sell/gift/lose/return/part with your phone, call them and have them deactivate your GW account.
     
  13. captdroid
    Offline

    captdroid Senior Member

    Joined:
    Jun 30, 2010
    Messages:
    1,797
    Likes Received:
    17
    Trophy Points:
    68
    Ratings:
    +17
    Neither, better to be right for the right reason :D
     
  14. Juicemane
    Offline

    Juicemane Bang Bang Theme Developer Premium Member

    Joined:
    Jun 18, 2010
    Messages:
    1,098
    Likes Received:
    4
    Trophy Points:
    38
    Location:
    127.0.0.1
    Ratings:
    +4
    Sorry but you are somewhat incorrect.

    Wallet is linked to your Gmail Account, the balance is related directly to your NFC Chip (so you cant scam $10 over and over) but the actual account information is all done through your Gmail account. I had to exchange my first G Nexus and I used wallet on it. When I installed on the new device I installed wallet and lost my old balance. Balance information is routed through the phone and not your google account. However; if you reflash a rom without doing a data wipe, you will still have the lockscreen on... if you do a data wipe, the account information is gone, rendering google wallet useless.

    See the point here? Even if you have a balance on Wallet, if you dont sign into the corresponding Google Account, you cannot do anything with the funds.

    Put a lock on your device if you use wallet. Case and point. Or... just dont store your credit card info into wallet...

    Funny thing about this is most people are pissed about the concept of someone hacking the Wallet, when in reality you only have $10 on it... I would be more concerned about the $600 phone that was lost or stolen, then to worry about some jerk off stealing my free money in my wallet account.

    Ignorance is bliss.
     
  15. Frankiebonez
    Offline

    Frankiebonez Member

    Joined:
    Nov 7, 2009
    Messages:
    38
    Likes Received:
    1
    Trophy Points:
    8
    Ratings:
    +1
    I think someone else mentioned this at some point, but its no worse than actually losing your wallet. If it could be more secure thats great, but like I just stated its just like losing your wallet with your credit cards in it. Same sort of scenario has to occur for this to be a real security breach. Also, if you dont put a screen lock on your phone with sensitive and personal information your just being stupid.... sorry, truth hurts!
     
Search tags for this page
android google wallet hack apk
,
does google wallet support htc thunderbolt
,

google wallet hack apk

,
google wallet hack apk root
,

google wallet hack no root

,
google wallet hacked apk
,
google wallet money hack apk
,
hack google wallet android without root
,
hacked google wallet account
,
useless google wallet accounts