
Google Wallet Cracked – Vulnerability Exposes PIN On Rooted Devices [video] - 3lit3H4ck3r
http://phandroid.com/2012/02/08/google-wallet-cracked-vulnerability-exposes-pin-on-rooted-devices-video/
======
Sephr
> Only on rooted devices without the lockscreen enabled that an attacker has
> physical access to

This isn't a vulnerability. If you root your device and disable the
lockscreen, then it's pretty obvious that anyone who physically possesses your
device can access _anything_ on the device. The way Android is designed, you
don't even need a secure element, as apps don't have access to other apps'
private data. That is, unless you root and disable the lockscreen, which goes
against the Android design.

In other news, criminals can read your email if you leave your laptop unlocked
and unattended in public.

> "Disable USB Debugging – When enabled, the data on mobile devices can be
> accessed without first passing a lock screen challenge unless Full Disk
> Encryption is also enabled."

That's an outright lie. Since the press release mentions "Full Disk
Encryption", they can only be talking about Android 3.0+, which doesn't allow
MTP or adb access until the device is unlocked, regardless of whether disk
encryption is being used.

~~~
3lit3H4ck3r
For the record I am a HUGE fan of the Android OS. However, these security
issues MUST be addressed.

[http://www.helloandroid.com/content/google-wallets-pin-
verif...](http://www.helloandroid.com/content/google-wallets-pin-verification-
cracked-again-no-root-access-required)

~~~
Sephr
Tip for being a better spammer: don't include a link to the topic article in
every comment you make.

~~~
3lit3H4ck3r
Wow. Thanks for the constructive criticism.

