Friday, February 10, 2012

PSA: Rooted Android devices with Google Wallet vulnerable to 'brute-force' PIN attacks


Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your precious PIN can be “easily revealed.” Digging through the app's code and using Google's open resources to reveal its contents, they uncovered a piratical treasure trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since the hashed value is known to be a four-digit PIN, it only takes a “trivial” brute-force attack involving a maximum of 10,000 calculations to recover it.
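The following Python sketch is an added example, not zvelo's or Google's code. It shows why hashing cannot protect a four-digit secret: every storage scheme tried is matched within the 10,000-candidate keyspace. The sample PIN, the salt, the PBKDF2 variant and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

PIN_DIGITS = 4
KEYSPACE = 10 ** PIN_DIGITS  # 10,000 candidates: the maximum quoted above

def sha256_hex(pin: str, salt: bytes = b"") -> str:
    """Stored form described in the article: SHA256 of the PIN, hex-encoded."""
    return hashlib.sha256(salt + pin.encode()).hexdigest()

def pbkdf2_hex(pin: str, salt: bytes, iterations: int) -> str:
    """Assumed alternative (not from the article): salted, iterated hashing."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations).hex()

def guesses_to_match(stored_hex: str, derive) -> int:
    """Count candidates tried until derive(candidate) equals the stored value.
    Returns KEYSPACE + 1 when no four-digit PIN matches."""
    for n in range(KEYSPACE):
        candidate = f"{n:0{PIN_DIGITS}d}"
        if hmac.compare_digest(derive(candidate), stored_hex):
            return n + 1
    return KEYSPACE + 1

def audit(label: str, stored_hex: str, derive, work_per_guess: int) -> dict:
    """Summarise how much work a stored PIN verifier actually demands."""
    guesses = guesses_to_match(stored_hex, derive)
    return {"scheme": label, "guesses": guesses,
            "work_units": guesses * work_per_guess,
            "within_keyspace": guesses <= KEYSPACE}

# Constructed sample data: PIN, salt and iteration count are made up.
SAMPLE_PIN = "4821"
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 100

REPORT = [
    audit("sha256", sha256_hex(SAMPLE_PIN), sha256_hex, 1),
    audit("sha256+salt", sha256_hex(SAMPLE_PIN, SAMPLE_SALT),
          lambda p: sha256_hex(p, SAMPLE_SALT), 1),
    audit("pbkdf2", pbkdf2_hex(SAMPLE_PIN, SAMPLE_SALT, ITERATIONS),
          lambda p: pbkdf2_hex(p, SAMPLE_SALT, ITERATIONS), ITERATIONS),
]

if __name__ == "__main__":
    for row in REPORT:
        print(row)
```

A salt stored beside the hash and a higher iteration count only multiply the cost of each guess; the number of guesses stays capped at 10,000.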

2DayBlog.com, PSA: Rooted Android devices with Google Wallet vulnerable to 'brute-force' PIN attacks