Google Wallet security flaw also on non-rooted devices.

Google Wallet Security Issue
How secure is Google Wallet?

Two days ago security firm, Zvelo, discovered and reported to Google that the security PIN system that Google Wallet users have to enter to verify transactions, could be compromised. The wallet application saves your PIN in an encrypted file on the phone itself, and not the secured NFC chip, so if your phone falls into the wrong hands, that person could lift your PIN file from the phone and simply crack it using a bruteforce attack. If successful this person would then have full access to your Wallet account.

Because of the Wallet’s security architecture, the change will require a fundamental rejiggering of the security protocols, according to Zvelo. Google responded and said that “The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device”.

So if you haven’t rooted your phone you should be fine, right? Turns out this is not so, because now a new method shown at Because of a security vulnerability in Google Wallet that effects all users, regardless of if they are rooted or not, someone can get access to your Google Wallet without even the need for bruteforcing.

Continue reading “Google Wallet security flaw also on non-rooted devices.”

Siri bypasses your Passcode by default

Siri on iPhone
Siri can bypass the passcode on iPhone 4S

A lot of people use a Lockcode/Passcode to stop someone else from accessing their phone. Doing so you feel fairly secure that no one can access you information and use your phone without your approval. Now it seems Siri, the new digital assistant in iPhone 4S, not only assist the owner in different tasks, but also might help total strangers use the phone.

Under the right conditions, Siri will bypass your passcode and allow anyone to perform tasks on a locked phone. By default, you can use Siri to make phone calls, check your calendar, send texts and emails to people in your contacts list, and set reminders, even when your phone is locked with a passcode. But it seems you at least can’t interact with installed applications or do Internet searches. This functionality might be something you prefer, and can be very handy if you for instance want to use Siri while driving your car. The possibility to search from the locked screen can be turned on and off, but the problem is that this functionality is turned on by default.

Continue reading “Siri bypasses your Passcode by default”