Back and forth we go with the precarious Google Wallet situation. First we saw the original security flaw, which immediately prompted Google to respond to users and highlight there are no known vulnerabilities while also encouraging users to install Google Wallet on non-rooted devices. In a mere few hours, a second method to hack Google Wallet was revealed, this time on non-rooted devices.
Naturally, the consecutive security breaches of Google Wallet has everyone on edge. That’s why many users have reached out to Google and question whether its Google Wallet service is safe enough for the masses to use in order to make mobile payments. Google offered its formal response and simply put it that yes, it is safe to make mobile payments using Google Wallet. Here’s Google Wallet VP Osama Bedier offering a formal statement: Read more
Google Wallet is in the news again and not for the right reasons. We just saw earlier how a hack was revealed for rooted phones using Google Wallet. While Google issued an immediate response on the initial findings, mobile blog TheSmartphoneChamp discovered and posted a second way of hacking into Google Wallet— this time highlighting the newfound hack will work on non-rooted phones and doesn’t even need special hacking skills. Basically all individuals have to do to access a user’s funds is clear the data in the app settings— which forces Google Wallet to prompt them to enter a new PIN. After the new PIN is entered, it’s as simple as adding a Google Prepaid Card tied to the device and then there the ability to access any available funds. It has been tested by several sources and it is indeed true. Google has confirmed the findings and even issued the following statement:
”We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
As always everyone— take immediate precautions to ensure the safety of your device which includes having a lock screen or even installing some tracking software for your device. You can check out the video below which highlights the vulnerability.
Google’s NFC chip that can turn your phone into a wallet has a major security issue. The security firm Zvelo has found that Google Wallet can be hacked by an app that can be easily found online. Our own Ed Caggiani gave you a detailed outline of the security flaw earlier today. Keep in mind, though, that this security breach can only affect rooted phones. Also, the rooted phone can only be hacked in person (for example, if you lost your phone), and using a PIN lock screen will keep criminals from accessing your phone.
The Next Web contacted Google for a statement on the issue, and received the following response:
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.
Google is simply encouraging people who have rooted phones to not use Google Wallet. If they are working on a fix to this issue, they are not mentioning it. While it’s true that rooting a phone will disable the security features that Google has in place, Google also openly encourages people to root their phones and make it their own. The easiest fix may be to have the PIN number stored by your bank, and not Google, but that would open a whole new can of worms, including changing Google’s terms of service. We hope that Google will tackle this issue and come out with a security fix in the near future.
source: The Next Web
First, the sky is not falling and chances are you are safe, but if you use Google Wallet, you should know that the PIN security has been cracked. Who is affected? You are vulnerable if:
- You have a phone with Google Wallet set up
- Your phone is rooted
- You don’t use lock screen security (PIN, pattern, face unlock, etc)
- You lose your phone
Basically, you need either a Nexus S or Galaxy Nexus that has been rooted. Everyone else can stop reading now.
Dan Rosenberg, the same tech genius that brought us root for our Lenovo ThinkPad Tablets, has struck gold again, rooting the Sony Tablet S. Unfortunately for him, it wasn’t nearly as easy as it was for the Lenovo ThinkPad Tablet. He’s posted the whole process in detail on his blog, so check out the source. It’s a really interesting read, and can provide insight into what happens when you choose to root your device. Keep in mind that rooting your device and the subsequent activities that are made possible by doing so can possibly brick your device. Do so at your own risk!
Source: Dan Rosenberg
The HP TouchPad continues to get a new lease on life– this time receiving a test version of the Android kernel. HP (which has long been a supporter of the Android development community) released information and other components to the CM developers working on the CM9 port for the TouchPad. Here is some insight HP’s support and a possible backstory of the TouchPad’s development from Rootz Wiki user Green:
“HP supports the community and was kind enough to provide us with the Android kernel source and some other GPL components that they modified for the few Touchpads that were accidentally released running Android… What’s interesting about this kernel is it seems to be a totally separate development from the webOS kernel (this was suspected from the very beginning), but now the comments in the code seem to imply that HP had another team working on Android port to Touchpad and that team appears to be totally separate from the webOS team. I wonder if that means there was a plan to ship the Touchpad with Android that were then preempted by webOS plans after Palm purchase.”
While there’s no WiFi support for the HP TouchPad as of yet, the developers hope it will be on the horizon. The CM9 port for the TouchPad certainly is shaping up to be one of the more anticpated ports around.
Google’s new bouncer-service that was announced last week is supposed to have dropped the number of malware apps in the Android Market by about 40% already. While that is a great number the Bouncer service isn’t perfect and it probably is the beginning to one of many back and forth battles between the Search Giant and malicious hackers in the making.
However, it appears that hackers may have already found a work around to this service. According to North Carolina State University professor Xuxian Jiang, he and his team have discovered a new malware variant that pulls off a pretty sneaky maneuver. The malware contains no malicious code when it’s first installed on a device. By doing this it evades scans or permission requests that could pick up on its intentions in the first place. Here’s the trick. After it’s downloaded the app is then able to download new code from a remote server and it can hide this in the data transfer from the phone’s communications. Read more
It seems that HTC is always in the news for one security scare or another. Well you can add this to the pile as HTC has acknowledged that a bug/exploit can expose security credentials on wifi networks when their devices handle specific Android requests.
It was found that applications on affected HTC devices with the android.permission.ACCESS_WIFI_STATE permission would be able to exploit the .toString() command via the WifiConfiguration class to view all of a wifi network’s credentials. Combine this with the android.permission.INTERNET permission and hackers could have a field day in harvesting these details and sending them off to a remote server. These exploits happened to be found by researchers Chris Hessing and Bret Jordan. Read more
I bet you didn’t know Stanford had some cool nerds on their roster did you? Yep, some of the folks over there decided to tinker around using an NFC enabled Android device along with a remote control also housing an NFC chip. Check out what these guys have managed to come up with:
- Display photos in a slide show
- Collaborative Whiteboard
- Slide Show Presentation
- Play Online Poker
- Stream Netlix Videos
Check out the quick demo below where you can see all of these in action and don’t forget to let us know what you think in the comments below. I don’t know about you, but I love when nerds get bored. They always wind up producing something useful for the rest of us :) For more information hit up the source link to check out their blog at Stanford.edu
via: Stanford MobiSocial News
Like someone eating McDonald’s while sitting at a Burger King, the BlackBerry PlayBook is all set to receive its highly anticipated 2.0 OS update which will allow the use of Android applications. And by highly anticipated I mean highly anticipated by BlackBerry users not Android fan-boys. The update is supposed to drop next month and the company has officially put the call out for anyone wanting to run Android applications on the Kindle Fire wannabe via its BlackBerry Runtime for Android functionality. If you’re a developer and you’d like to see your application running on the device, you have until February 6th to submit your app. In order to get your application approved and on the BlackBerry App World Store, you’ll need to abide by a few rules. First, you’ll need to omit the word “Android” for starters, as well as any signs or traces of the Android logo. Yep, say goodbye to the little green guy. And secondly, you’ll need to remove any links that would take one back to the Android Market. According to RIM, it’s not difficult at all to port your application over to their device using their Runtime feature. So, we’ll have to sit back and see what developers cook up for the masses. What application would you like to see ported over to the PlayBook? Oh, I know! How about an email application?!
via: BlackBerry Dev’s Blog