Proof of concept smartphone app was developed to demonstrate the vulnerability and expose the PIN
Greenwood Village, Colorado – February 08, 2012 – A senior engineer within zvelo, a leading provider of website categorization, URL database and real-time malicious website detection solutions for the OEM market, has discovered a significant security vulnerability in the Google Wallet mobile phone payment system.
The engineer cracked and exposed the Google Wallet 4-digit PIN needed in order to authorize and process mobile phone payments. This PIN is intended to serve as the differentiating and additional security component that traditional, physical credit cards do not provide.
zvelo immediately disclosed its findings to Google who confirmed the PIN vulnerability and moved quickly towards releasing a fix.
The Google Wallet PIN vulnerability research and findings, including a video demonstration of the proof of concept app, can be found on the official zveloBLOG.