A new security flaw has been discovered in Android, and it could jeopardize the credit card information you have stored in Google Wallet, the app used to pay via NFC. Google is already fixing this security hole in the September patch for its mobile operating system, but if you cannot update yet, you remain at risk.
Smartphones are at the center of the digital transformation we are living through, and they are the devices where we store a large amount of confidential information. That convenience carries a persistent security concern, especially when cases like today's show how easily data as crucial as credit card details can be stolen.
They read your card via NFC
A security issue tracked as CVE-2023-35671 affects Android devices and allows full credit card details to be read over NFC with reading devices such as the popular Flipper Zero tool.
The problem, which affects all Android devices running version 5.0 and higher, is a loophole in the operating system's app pinning tool, which lets users lock an app on the screen until a PIN is entered.
Fortunately, this function is not activated automatically, but some users have turned it on to pin an application on the screen and prevent access to other applications. The concern arises when users enable the feature and activate the “Require PIN before unpin” option in Settings → Security & privacy → More security settings → Pin app, and at the same time enable “Require device unlock for NFC” in Settings → Connected devices → Connection preferences → NFC.
If all of these criteria are met and a user’s Google Wallet contains a credit or debit card stored for in-store NFC transactions, this setup can expose the full payment method data. Under these conditions, someone with a suitable NFC reading tool can get a locked Android phone to disclose full credit card details with a single tap. The breach does not allow payments to be made, but it exposes all credit card details, as shown in the video that accompanies this article.
Update your Android version now
Fortunately, Google is already aware of the problem and has rated it as “high” severity. A fix is included in the September 2023 security patch for Android versions 11 to 13.
If you’re on a device that no longer receives security patches or runs an older version of Android, avoiding the issue is as simple as disabling screen pinning in your device's Settings menu. Notably, screen pinning is not enabled by default.
The September 2023 security patch is currently available to all manufacturers using Android, and Samsung has rolled out the update to many devices. Google Pixel devices were expected to get the patch with Android 14, but it was unexpectedly delayed.
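The patch and pinning checks described above can be turned into a quick device triage. This is an added example, not code from the article or from Google. It assumes a security patch level of 2023-09-01 or later contains the fix and reads the pinning state from the `lock_to_app_enabled` system setting; the NFC unlock option is not checked, and the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: triage a device for CVE-2023-35671 exposure.
# Assumption: a patch level of 2023-09-01 or later carries the fix.
FIX_LEVEL=20230901

# assess_exposure PATCH SDK PINNING
#   PATCH:   ro.build.version.security_patch, YYYY-MM-DD
#   SDK:     ro.build.version.sdk (21 = Android 5.0, 30-33 = Android 11-13)
#   PINNING: `settings get system lock_to_app_enabled` (1 = app pinning on)
assess_exposure() {
    patch=$1; sdk=$2; pinning=$3
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown: unparseable patch level"; return 0 ;;
    esac
    case $sdk in
        ''|*[!0-9]*) echo "unknown: unparseable SDK level"; return 0 ;;
    esac
    level=$(printf '%s' "$patch" | sed 's/-//g')   # 2023-08-05 -> 20230805
    if [ "$sdk" -lt 21 ]; then
        echo "not affected: older than Android 5.0"
    elif [ "$level" -ge "$FIX_LEVEL" ]; then
        echo "patched"
    elif [ "$pinning" != "1" ]; then
        echo "mitigated: app pinning is off"
    elif [ "$sdk" -ge 30 ] && [ "$sdk" -le 33 ]; then
        echo "exposed: install the September 2023 security patch"
    else
        echo "exposed: no fix listed for this version, disable app pinning"
    fi
}

# Read the three inputs from the device attached over adb.
audit_device() {
    assess_exposure \
        "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')" \
        "$(adb shell getprop ro.build.version.sdk | tr -d '\r')" \
        "$(adb shell settings get system lock_to_app_enabled | tr -d '\r')"
}

# Constructed sample inventory (name, patch level, SDK, pinning setting).
while read -r name p s pin; do
    printf '%s: %s\n' "$name" "$(assess_exposure "$p" "$s" "$pin")"
done <<'EOF'
phone-a 2023-08-05 33 1
phone-b 2023-09-01 33 1
phone-c 2021-03-01 28 1
phone-d 2023-06-01 31 0
EOF
```

With a phone connected over USB debugging, call `audit_device` instead of feeding the sample rows.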