Rubin is a security researcher with zveloLABS. His discovery centers around how the PIN is stored on Google Wallet – as a salted hash, but not within the secure hardware part of the phone known as the Secure Element. “It dawned on us,” he writes, “that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes. This is trivial even on a platform as limited as a smartphone. Proving this hypothesis took little time.”
Rubin’s discovery, comments Chester Wisniewski at Sophos, “is that a lost or stolen Android phone with Google Wallet configured is nearly as bad as handing over your credit card to whomever finds it.” The Wallet is designed to allow six attempts to enter the PIN before it automatically wipes the credit card details. “The trouble is the salted hash of your PIN is stored on the filesystem of the phone,” continues Wisniewski, “and Android phones are trivial to root. With root access you can bruteforce the PIN without using any of your official attempts.”
“Because the PIN is a four-digit code,” confirms McAfee’s Jimmy Shah, “an attacker can generate all possible PINs (0000-9999), hash them, and compare against the extracted PIN. On a real phone this takes about four seconds.”
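As an added illustration (not code from zvelo, Google, or any of the researchers quoted above), the following Python models both halves of the argument: a salted SHA-256 of a four-digit PIN that can be read from the filesystem is exhausted in at most 10,000 hashes, while a verifier that keeps the hash behind a Secure Element boundary and enforces the six-attempt wipe there answers only six guesses before the credentials are gone. The salt, the PIN and the `SecureElementVerifier` class are constructed for this example; a real Secure Element enforces the counter in hardware rather than in Python.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Constructed sample values (not zvelo's or Google's data): the phone's stored
# record is modelled as a random salt plus SHA-256(salt || PIN), as the article
# describes the on-filesystem design.
SALT = bytes.fromhex("a1b2c3d4e5f60718")   # constructed 8-byte salt
USER_PIN = "4937"                            # constructed 4-digit PIN


def store_pin(pin: str, salt: bytes) -> bytes:
    """Salted SHA-256 of the PIN: the representation stored on the filesystem."""
    return hashlib.sha256(salt + pin.encode()).digest()


def recover_pin(stored_hash: bytes, salt: bytes) -> Tuple[Optional[str], int]:
    """Exhaust the 10,000-PIN space against an extracted salt and hash.

    Returns (pin, hashes_computed). The salt defeats precomputed tables, but
    once salt and hash are both readable (root on the device), the search is
    bounded by the 10^4 PIN space, not by the strength of SHA-256.
    """
    for n in range(10_000):
        candidate = f"{n:04d}"
        if store_pin(candidate, salt) == stored_hash:
            return candidate, n + 1
    return None, 10_000


class SecureElementVerifier:
    """Model of the mitigation: the PIN check lives behind a tamper-resistant
    boundary that only answers yes/no and wipes after MAX_ATTEMPTS failures.
    The hash never leaves the element, so there is nothing to extract, and the
    attempt counter is not bypassed by rooting the application processor.
    (Software model only; a real Secure Element enforces this in hardware.)
    """

    MAX_ATTEMPTS = 6

    def __init__(self, pin: str):
        self._salt = secrets.token_bytes(16)
        self._hash: Optional[bytes] = store_pin(pin, self._salt)
        self._failures = 0
        self.wiped = False

    def verify(self, guess: str) -> bool:
        if self.wiped or self._hash is None:
            return False                      # credentials already destroyed
        if store_pin(guess, self._salt) == self._hash:
            self._failures = 0
            return True
        self._failures += 1
        if self._failures >= self.MAX_ATTEMPTS:
            self.wiped = True                 # card details wiped; further guesses are useless
            self._hash = None
        return False


def guesses_before_wipe(verifier: SecureElementVerifier) -> int:
    """Feed sequential PINs to the verifier and count how many answers it gives
    before it either accepts a guess or wipes itself."""
    attempts = 0
    for n in range(10_000):
        attempts += 1
        if verifier.verify(f"{n:04d}") or verifier.wiped:
            break
    return attempts


if __name__ == "__main__":
    pin, hashes = recover_pin(store_pin(USER_PIN, SALT), SALT)
    print(f"filesystem hash: recovered PIN {pin} after {hashes} hashes")
    se = SecureElementVerifier(USER_PIN)
    print(f"secure element: {guesses_before_wipe(se)} guesses answered, wiped={se.wiped}")
```

Running the block shows the asymmetry the article turns on: against the filesystem copy the search always terminates within 10,000 hashes regardless of the salt, whereas the element-backed verifier stops answering after its sixth wrong guess. Key stretching (PBKDF2, scrypt) would only multiply the first number by a constant; the attempt counter, enforced where root on the phone cannot reach it, is what bounds the second.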
Google, says Rubin, “was extremely responsive to the issue, but ran into several obstacles preventing them from releasing the fixed app.” The problems seem to have more to do with Android and bank policies than with technology. By moving the PIN into the Secure Element chip, Google might be changing who is responsible for the security of the PIN, and that might affect whom the banks hold responsible for fraud.
Jaime Blasco, head of labs with AlienVault, explains that most payment cards require the account holder to take reasonable steps to protect their card details, in return for financial protection against card fraud. He argues that storing card details on the Google Wallet system – regardless of these latest PIN security issues – may compromise the card issuer’s security requirements. Since Google Wallet is a hybrid on-device/cloud data storage system, his own solution would have been to store the user’s PIN in the cloud, “meaning that a brute force cracker attack of this type would be a lot more difficult, if not impossible.”
Meanwhile, Google has stated: “The Zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.”
Rubin disagrees, and feels “that the fact that this attack requires root permissions does not in the least bit diminish the risk it imposes on users of Google Wallet.”