• 5,053,440
    REGISTERED
  • 56,365
    ONLINE NOW

Posts Tagged: NFC

Google Wallet PIN Vulnerability Discovered

February 9, 2012   By:

GoogleWalletSecurity

Google Wallet is all over the headlines lately, first with its release on the Verizon network with the Galaxy Nexus and then with its release on the AT&T network with the Samsung Galaxy S II. Sprint and T-Mobile users have even been able to sideload the Google Wallet app on their respective variants of the Nexus S.

The app itself relies on the devices NFC chip to communicate with non-contact payment stations, like Mastercard’s PayPass. Google Wallet stores your credit card information allowing you to make in-store purchases with a swipe of your phone. Since the information on the chip can be accessed without direct contact several security measures were put in place to protect users.  A four digit PIN is required to make purchases with the app, adding an additional layer of security. XDA Member and zvelo employee miasma  discovered a flaw in the PIN system, allowing  retrieval of credit card information. viaForensics, a company specializing in proactive forensic security (software hacking with the goal of reporting flaws and protecting users), also helped to demonstrate the exploit, proving that the process could be repeated on other devices.

Multiple problem areas were identified but the biggest was in the encryption of the PIN. Using SHA256 hex encoding, the PIN is secured in the app data. Knowing the PIN is 4 digits, viaForensics’ calculations show a brute-force would take, at-most, calculating 10,000 SHA256 hashes. This takes little effort and both miasma and Google have been able to compromise the PIN security in private tests.

Rooted users take note; the security flaw can only be exploited on phones with root privileges. Google has acknowledged the flaw and they are working on a fix. In order to preform this attack a hacker would have to have physical access to your phone, so until a fix is published users can assure their safety by keeping their device within reach. As always, for the security of your phone, stay up to date with the latest software. Don’t forget to keep your phone secure with a lockscreen pattern, PIN or password (or face unlock if your device supports it).

To see the exploit in action, check out the video here. The original thread announcing the vulnerabilities can be found here. Google is working with the banks and card companies involved to make Google Wallet more secure and to patch this security flaw, so hopefully we’ll see some updates soon. Until then, keep those NFC enabled phones within reach at all times!

AT&T Users Get Access to Google Wallet in the Marketplace, Some Success for T-Mobile Users

February 3, 2012   By:

Google Wallet
XDA forum members have noted that the AT&T Android Marketplace does, in fact, have the Google Wallet app available for download. Previously available only to Verizon users with NFC capable phones, the app is already in high demand. Now AT&T users with NFC capable phones (looking at the Samsung Galaxy S II Skyrocket and Galaxy Nexus) can start using Google Wallet to make purchases.
An APK version of the Google Wallet app modified for any NFC capable phone is already available but installing it requires a rooted device. Additionally many users may prefer to have the Market version to ensure they have the latest updates installed. If you already sideloaded the APK to your device, be sure to uninstall it completely before downloading the version from the Market.
T-Mobile users can also attempt to install the app to their capable device. XDA Senior Member predation has confirmed  here that the install is possible via WiFi with an AT&T SIM Card in the device. Other users have reported success by using a workaround laid out here:
  1. Go to https://market.android.com/search?q=google+wallet on your NFC capable device.
  2. Open the page in the browser, not the Market. If the Market opens automatically you must reset your program defaults.
  3. Click the Google Wallet icon, but this time open it using the Market app.
  4. Tap install.

If you have a phone with an NFC chip and aren’t using Google Wallet, now’s your chance. Check out this thread for reports of working NFC payment locations.

Advertisment

NFC Task Launcher Unleashes NFC’s Automation Potential

March 21, 2011   By:

NFC Task Launcher

Ever wish that the seldom, if ever, used NFC chip on your Nexus S got a little bit more action? Luckily XDA Forum Member krohnjw felt the same way and created a new application that lets you use NFC tags to control your mobile device via profiles!

NFC Task Launcher will undoubtedly feel very familiar for those who have used Tasker, but with the added cool factor of using NFC tags rather than time, location, or events to initiate profiles. And speaking of Tasker, it can even be used to launch any Tasker task you have enabled on your phone!

Currently, the application supports the following tasks:

- Enable / Disable / Toggle Wifi
- Enable / Disable / Toggle Bluetooth
- Launch any installed Application
- Connect to any known SSID
- Configure a new Wifi Connection and connect
- Configure and enable Portable Hotspot
- Launch any Tasker Task (for users of Tasker)
- Changing Phone Ringtone
- Changing Ringer Mode (Normal/Silent/Vibrate)
- Changing Ringer Volume
- Changing Media Volume
- Changing Alarm Volume
- Changing Notification Volume

Continue on to the original thread (or head on over to the Android Market) to get a taste yourself.

Newer Entries
Advertisement

XDA TV: Most Recent Video

Popular Forums

Upcoming Devices

Buy/Sell on Swappa