Google Wallet Picked, iTunes Store Hacked and Other Stories from the Week

Google Wallet security cracked in seconds: The mobile app of Google Wallet, which lets you use your phone to make purchases, has a PIN which can be opened in seconds with a brute-force attack. The attack is limited to some specific conditions: The phone has to be physically available or and it has to have been previously rooted by the user. The attack, which can read the contents of the wallet including credit card numbers and details like transaction history, takes advantage of a hash of the PIN stored by the app. Fixing the flaw seems beyond Google’s abilities because it would require banks to accept responsibility for part of the transaction.

EU bolsters cyber security agency: ENISA, the European Network and Information Security Agency, was set up in 2004. Its mandate is due to expire in September 2013, but a vote by the European Parliament’s Industry, Research and Energy Committee agreed to extend it until 2020. Under the new mandate ENISA will set up a full-scale European Union Computer Emergency Response Team, to counter cyber attacks against E.U. agencies and give support to member states in the event of attacks.

iTunes Store accounts reportedly hacked: There are reports of iTunes users getting refunds after having their store accounts cleaned out by thieves. Users on Apple’s Support Community have been reporting hacks which have caused in unauthorized purchases and changes to their personal information. Users have reportedly been complaining of a similar problem for more than a year. According to The Global Mail Apple is all but not commenting on the problem. The company issued a statement which said: “Apple takes precautions to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction. Apple online services such as the Apple Online Store and iTunes Store use Secure Sockets Layer encryption on all Web pages where personal information is collected.”

Job-seeking hacker gets 30 months in jail: Attila Nemeth, a 26 year old Hungarian, admitted to sending Trojan-infected emails to workers at a Marriot hotel late in 2010. This let him access back-end servers. He extracted sensitive information and then threatened to reveal it unless the chain offered him a job maintaining Marriott’s computer systems. The U.S. Secret Service was able to put a sting operation into place which lured him to the U.S. with the promise of an all-expenses-paid job interview. (Falling for that is yet another reason not to hire him.)