'vulnerability'

Hackers crack Google Wallet security on rooted Galaxy Nexus [video]

By: |Feb 9th, 2012 at 09:50PM
Filed Under: Mobile

The security experts at zVelo have discovered a vulnerability in Google Wallet that allows them to “easily reveal” users’ PINs. If a Google Nexus is rooted, Google Wallet’s PIN verification system can be cracked using a brute force attack. zVelo said on Wednesday that it immediately reported its findings to Google, and the company “agreed to work quickly to resolve it,” although the researchers said Google “ran into obstacles.” To fix the problem, the PIN verificati...

Google Wallet doesn’t properly protect personal data, security firm says

By: |Dec 13th, 2011 at 11:05PM
Filed Under: Mobile, Security

Security firm ViaForensics recently said Google Wallet does not properly protect personal data, including credit card balance information, on a rooted Nexus S smartphone. Google Wallet is an NFC-based mobile payment system for Android that is accepted by a number of retailers in the United States. It is currently only officially available on the Nexus S and Nexus S 4G. “While Google Wallet does a decent job securing your full credit cards numbers, the amount of data that Google Wallet stores unencrypte...

Hacker uncovers major iOS security flaw [video]

By: |Nov 8th, 2011 at 10:00AM
Filed Under: Mobile, Security

A major security flaw in Apple’s iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert. Described by Forbes as a “serial Mac hacker,” Accuvant LABS computer security researcher Charlie Miller has uncovered a security flaw that allows hackers to build apps that look legitimate and pass through Apple’s App Store approval process. Using a code-signing vulnerability, however, the malicio...

Google to patch Android credentials vulnerability

By: |May 18th, 2011 at 02:29PM
Filed Under: Security

Well that didn’t take long. Yesterday, we told you about an Android vulnerability found in ClientLogin that could have serious security ramifications. Using a dummy open access-point, a nefarious third party could passively — via Wi-Fi — collect authentication tokens to password protected services such as Facebook, Twitter, and Google Calendar stored on affected Android devices. Speaking with Mobilized’s Ina Fried, the Android-maker has stated that it is taking action, and fast. “Today we...

99% of Android handsets vulnerable to account credential theft

By: |May 17th, 2011 at 09:21AM
Filed Under: Mobile, Security

A report filed by UK publication The Register details a scary weakness in most Android handsets currently being sold. The aforementioned vulnerability would allow attackers to collect and use digital tokens stored on a handset after a user authenticates to a password protected service. “The weakness stems from the improper implementation of an authentication protocol known as ClientLogin in Android versions 2.3.3 and earlier,” reads the report, quoting research from the University of Ulm. “...

Skype patches Android client weakness; adds 3G calling

By: |Apr 20th, 2011 at 07:28AM
Filed Under: Software

Last week, we told you about a weakness discovered in Skype’s Android client. The issue stemmed from a combination of incorrect file permissions and lack of encryption usage on the database files used to store contact information, chat history, and more. The company has gone ahead and updated said client, and as an added bonus has included the ability to make VoIP calls via your phone’s 3G data connection. “Calling over your 3G connection is available worldwide – now including the US...

Skype acknowledges Android vulnerability, user data at risk [video]

By: |Apr 15th, 2011 at 07:12PM
Filed Under: Mobile, Security, Software

The detectives over at Android Police have found an interesting weakness in Skype for Android. The site has discovered that the popular VoIP chat client stores contact details, conversation logs, and a host of other information in a series of unprotected sqlite3 databases. “Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them,” reads the article. “Not only are they accessible, but completely unencrypted.” The vulnerability was initially ...

Adobe finds gaping security hole in latest version of Flash Player for PC, Android

By: |Apr 12th, 2011 at 01:58PM
Filed Under: Security, Software

Adobe has identified a zero-day exploit in the latest version of Flash Player 10.2 for Windows, Mac, Linux and Android. Using the security hole, an attacker can potentially run malicious code and even take control of an affected system. While the vulnerability and potential damage to a system are significant, common sense will help users avoid the issue in most cases. The malicious code that takes advantage of this exploit is typically delivered as a Flash file embedded in a Microsoft Word document attac...

BlackBerry vulnerability exposed at Pwn2Own; no fix in sight

By: |Mar 17th, 2011 at 12:42PM
Filed Under: Security

In light of a WebKit vulnerability discovered at this year’s Pwn2Own conference in Vancouver, Research In Motion has issued a bulletin for its most security conscious customers. Affecting handsets running BlackBerry Device Software version 6.0 or higher, the exploit could allow an attacker to gain access to data stored on the media card or in the media storage area built into BlackBerry devices. RIM notes that the vulnerability does not grant attackers access to email, calendar, contact, or applicati...

Adobe issues warning for critical Flash Player, Adobe Reader vulnerability

By: |Mar 15th, 2011 at 08:11PM
Filed Under: Security

Adobe has issued a security bulletin about a critical security flaw found in Adobe Flash Player affecting the Windows, Macintosh, Linux, Solaris, and Android operating systems. The vulnerability, labeled CVE-2011-0609, “could cause a crash and potentially allow an attacker to take control of the affected system.” The company reports that exploits are already in the wild — most prevalently attached to Flash (.swf) and Excel (.xls) files. Adobe notes that it is “aware” of exploits f...

iOS, BlackBerry OS fall at Pwn2Own

By: |Mar 11th, 2011 at 11:33PM
Filed Under: Security

Add Apple’s iOS and Research In Motion’s BlackBerry OS to the list of victims at this year’s Pwn2Own challenge. Conference veteran Charlie Miller, along with Dion Blazakis, deployed an exploit to iOS 4.2.1 through a vulnerability in Safari. By navigating to a custom-made webpage, the duo were able to execute remote code and gain access to the iOS address book. Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann also utilized a WebKit-based vulnerability to take down a BlackBerry Torc...

Apple’s Safari browser embarrassed at Pwn2Own, hacked in 5 seconds

By: |Mar 10th, 2011 at 08:34AM
Filed Under: Software

Safari just got served. At this year’s Pwn2Own conference, security firms and enthusiasts are doing their very best to discover and deploy exploits to some of the world’s most popular browsers. Chrome, Firefox, Internet Explorer, and Safari, they’re all on the menu for conference attendees and some have definitely fared better than others. Google issued a challenge, promising $20,000 to any person or team that could crack Chrome on the conference’s opening day, but the two teams scheduled ...

Windows Phone 7 Marketplace DRM cracked

By: |Dec 29th, 2010 at 02:47PM
Filed Under: Mobile, Software

The digital rights management (DRM) security used by Microsoft to protect apps in its Windows Phone 7 Marketplace has been cracked, enthusiast blog WPCentral reports. Though the technology needed to do so is not yet in the hands of the general public, the DRM protecting paid applications can now easily be stripped off of apps. If details of the vulnerability used to achieve the DRM crack are made available to the public, unscrupulous programmers could use the exploit to develop software that allows users to st...

Adobe warns of zero-day Flash, Reader vulnerability; Windows, Mac, Linux, Solaris, Android affected

By: |Oct 28th, 2010 at 05:58PM
Filed Under: Security

Adobe released a security bulletin today warning of a critical, zero-day vulnerability in their Reader and Flash Player software. The bulletin notes that an unpatched system could “crash [your system] and potentially allow an attacker to take control of the affected system.” The vulnerability is affecting: Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier for Android; Adobe Reader 9.4 and earlier 9....