A strange Google Wallet flaw (it also affects many other applications, though none that hold such sensitive information) on smartphones running Android 5.0 onwards can jeopardize the details of all the credit cards you have stored in the company's payment service. The good news is that Google is already aware of this vulnerability.
The flaw, tracked as CVE-2023-35671, will be fixed by a patch that Google has included in the September 2023 security update for devices running Android 11 and newer. For now, however, this September security update is only available on very few smartphones on the market; curiously, not even the company's Pixel phones have received it.
So for now, if you do not want to put your phone, and more specifically your banking details, at risk, you can avoid the Google Wallet exploit by disabling or not using the Android feature that causes it all: Pin to Screen.
It’s Google’s fault
As MrTiz demonstrated on GitHub and in a YouTube video, the CVE-2023-35671 vulnerability takes advantage of a bug in the Android Screen Pinning tool. This often overlooked feature allows you to pin an app to your lock screen, providing easy access to it without leaving your phone completely unlocked. The problem is that if you pin an app while the 'require PIN before unpin' and 'require device unlock for NFC' options are enabled, NFC devices widely used by cybercriminals, such as the Flipper Zero, can get the details of any credit cards you've set up for contactless payments in Google Wallet.
Again, we are faced with a security flaw that not everyone can take advantage of and that requires a series of circumstances to come together to be able to exploit it to the fullest. Very few people use the pinning option, not because it is not practical, but because most people are unaware of it. Furthermore, we are talking about a tool that is disabled by default.
Even if you meet the requirements for this vulnerability, your phone would still have to be near an NFC device while the Google Wallet app is pinned to your lock screen. Therefore, while you wait for that September patch that fixes the bug to reach your phone, the steps to avoid this exploit are very simple: disable Screen Pinning, or unpin any application that is on your lock screen before trying to make a contactless payment.
The update that puts an end to the bug is now available for all Android brands, although manufacturers are ultimately responsible for rolling it out. That is why it is already on several Samsung phones although, for some strange reason, it is not yet on Google's Pixel line. Phones from other brands that run Google's operating system still have to wait a little longer to be 100% protected.
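To see where a given phone stands while the rollout is uneven, the following added example (not from the article or from Google) classifies a device from its Android release and security patch level, using the thresholds stated above: affected from Android 5.0, fixed in the September 2023 update for Android 11 and newer. The properties `ro.build.version.release` and `ro.build.version.security_patch` are standard Android build properties; the verdict labels and function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: classify a device's exposure to CVE-2023-35671 using the
# thresholds stated in the article. Verdict labels are illustrative.

# classify_device RELEASE PATCH   e.g. classify_device 13 2023-08-05
classify_device() {
    release=$1
    patch=$2
    major=${release%%.*}                 # "5.1.1" -> "5"
    case $major in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # preview builds use codenames
    esac
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Below Android 5.0: outside the range the article names as affected.
    if [ "$major" -lt 5 ]; then echo not-listed; return 0; fi
    # Android 5 to 10: affected, but the September 2023 fix targets 11+.
    if [ "$major" -lt 11 ]; then echo no-fix-mitigate; return 0; fi
    year=${patch%%-*}
    rest=${patch#*-}
    month=${rest%%-*}
    # Any patch level dated September 2023 or later counts as fixed.
    if [ "$year$month" -ge 202309 ]; then
        echo patched
    else
        echo unpatched-mitigate          # disable Screen Pinning until updated
    fi
}

# Query every device attached over adb and print "<serial> <verdict>".
check_connected() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the loop's input.
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        pat=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        echo "$serial $(classify_device "$rel" "$pat")"
    done
}

# Only touch adb when explicitly asked: ./check.sh --adb
if [ "${1:-}" = "--adb" ]; then
    check_connected
fi
```

A verdict of `no-fix-mitigate` or `unpatched-mitigate` means the workaround above (disable Screen Pinning, or unpin before paying) still applies to that device.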