Proof of concept smartphone app was developed to demonstrate the vulnerability and expose the PIN
Greenwood Village, Colorado – February 08, 2012 – A senior engineer within zvelo, a leading provider of website categorization, URL database and real-time malicious website detection solutions for the OEM market, has discovered a significant security vulnerability in the Google Wallet mobile phone payment system.
The engineer cracked and exposed the Google Wallet 4-digit PIN needed in order to authorize and process mobile phone payments. This PIN is intended to serve as the differentiating and additional security component that traditional, physical credit cards do not provide.
zvelo immediately disclosed its findings to Google who confirmed the PIN vulnerability and moved quickly towards releasing a fix.
The Google Wallet PIN vulnerability research and findings, including a video demonstration of the proof of concept app, can be found on the official zveloBLOG.
About zvelo, Inc.
zvelo is a leading provider of website categorization technologies, URL database (zveloDB®), malicious website detection and reputation blocklist solutions. zvelo licenses its zveloDB exclusively through OEM Partnerships with service providers (ISP/MSSP, mobile, etc.), endpoint security and anti-virus vendors, UTM and gateway appliance vendors, content and URL filtering vendors, online advertising technology providers, and other high growth market segments where accuracy, coverage, malicious website detection and fast URL query performance are required.