Tag Archive for: wallet

Google Wallet adds ‘Verification settings’ to balance security and convenience

/in


What you need to know

  • Google Wallet has added a new verification settings menu for Android devices.
  • This setting allows users to decide whether or not they need to be verified before paying for a ticket on public transport.
  • This will help to make Google Wallet even more secure.

The ability to store card details, transit passes, boarding passes, and contactless payments, means Google Wallet is a convenient way to save time.  Now, Google is working hard to make Wallet even more secure and user-friendly by introducing a new ‘Verification settings’ menu.

The new addition, as spotted by 9to5 Google, lets users decide whether or not verification is required, specifically when paying for a transit ticket. Under “Wallet settings” is the new “Security” heading, under which “Verification settings” are listed. When selected, the user can “choose if you’ll need to verify it’s you when using your items stored in Wallet.” 

At the moment, the only available option here is “Transit payments.” When the “verification required” toggle is on, Wallet will require “verification for paying for bus, metro, and more with a credit or debit card.” This means the usual options for a device include a PIN or fingerprint scan, for example.  

Screenshots of the new verification settings menu in Google Wallet

(Image credit: Phone Arena)

If a user already has a transit pass stored in Wallet, the toggle will be switched on by default. The wallet will then require verification before paying with their bank card. If no transit pass is stored, this option will be automatically turned off. 

Source…

Atomic Wallet Offers $1 Million Bug Bounty Amid Security Lawsuit

/in


Atomic WalletAtomic Wallet
Source: Adobe / Ascannio

Amid an ongoing class-action lawsuit related to a $100-million hack in June, the developer of Atomic Wallet has launched a $1-million bug bounty program aimed at identifying security flaws in its wallet software.

In an announcement on December 18, the development team invited ethical hackers and security experts globally to scrutinize the open-source code for potential vulnerabilities.

White hat hackers who discover the most severe vulnerabilities, defined as those allowing an over-the-internet attack without physical access, installed malware, or social engineering, stand to earn $100,000 under the program.

The bug bounty program is designed to enhance the security of the wallet and minimize the risk of future cyber threats.

The bounty program also offers compensation ranging from $500 to $10,000 for hackers who identify bugs or flaws not meeting the criteria of the most serious vulnerabilities.

The reward depends on the severity of the vulnerability, with $5,000 allocated for a “high-risk” discovery and $10,000 for a “critical-risk” one.

The total bounty pool for all discoveries is set at $1 million.

Harnessing the ‘expertise of the global community’


Konstantin Gladych, founder of Atomic Wallet, expressed confidence in the bug bounty program’s ability to harness global expertise and creativity to bolster cybersecurity.

“Recent events in the blockchain industry have once again reminded us that cybersecurity is a dynamic field, and the best way to stay ahead is by harnessing the creativity and expertise of the global community,” he said.

$100 million hacking incident


Atomic Wallet in June this year suffered a $100 million hacking incident.

About 5,500 users of the non-custodial cryptocurrency wallet were affected by the hack which has been linked to the North Korean Lazarus Group.

Two months later, the incident led victims to launch a class action lawsuit against Atomic Wallet for compensation.

According to reports at the time, the claims rest on the company’s inaction to share proper information about…

Source…

Monero (XMR) Price Analysis: Did XMR Drip After Wallet Exploit?

/in


Table of Contents

The Monero community wallet was hit by a major exploit, resulting in the loss of its entire balance of 2,675.73 Monero (XMR), worth almost $460,000. The cause and source of the exploit are currently unidentified. 

The attacker reset the balance of the community wallet in nine separate transactions. 

Late Disclosure By Monero 

According to reports, the hack in question took place on the 1st of September. However, it was disclosed on GitHub after two months, on the 2nd of November, 2023, by Monero developer Luigi, who stated that the community wallet had been completely emptied. The developer also stated that the source of the breach was yet to be identified. 

“The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on the 1st of September, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”

However, cybersecurity firm SlowMist stated that it was unlikely the hack was a result of a loophole in the Monero privacy model. Moonstone Research was investigating how the attacker moved the stolen funds. Their analysis revealed some interesting results, and they were able to trace three of the hacker’s transfers.

Monero’s Community Crowdfunding system funds development proposals from members. Monero developer Ricardo’ Fluffypony’ Spagni, the only other individual with access to the wallet seed phrase, noted, 

“This attack is unconscionable, as they’ve taken funds that a contributor might be relying on to pay their rent or buy food.”

According to Luigi, the CSS wallet was set up on an Ubuntu system in 2020, along with a Monero node. 

Details Of The Hack 

Luigi used a hot wallet to make payments to community members. This wallet has been on a Windows 10 Pro desktop since 2017. The hot wallet was funded by the CSS wallet as and when needed. However, on the 1st of September, the CSS wallet was wiped clean in nine transactions. Following the incident, the Monero core team is calling for the General Fund to cover current liabilities. Spagni noted in the GitHub thread, 

“It’s entirely possible that…

Source…

Android 14 QPR1 Beta 1 seems to break Google Wallet

/in


google wallet security

Google released the first beta to Android 14 QPR1 last night for Pixel phones, but eager testers should be aware that Google Wallet isn’t currently functional.

NFC payments via Google Wallet are a useful part of almost any Android phone, and with more and more merchants accepting that as a form of payment, many have come to rely on the functionality in their day to day. However, running early or rooted software can often result in the device failing to meet security requirements, and, as such, blocking Wallet from actually working.

While Android 14’s beta program largely worked with Google Wallet, that’s not the case for the first QPR1 beta.

On my Pixel Fold, opening the Wallet app results in a pop-up saying that the “device doesn’t meet security requirements” and that “you can’t tap to pay with this device.” Attempting to add a new card results in a similar error.

Notably, Wallet didn’t purge any of the cards I already had set up for NFC payments on my Pixel Fold, nor does it seem to indicate that they won’t work. It only tells me that I can’t add a new card. That said, I’d guess that tap to pay would be blocked if I actually tried to use it.

Update: Shortly after this story went live, some readers chimed in that Google Wallet is still working, so your results may vary.

If Google Wallet payments in-store are a crucial part of your day-to-day, it’s certainly for the best that you avoid installing Android 14 QPR1, at least until this gets fixed in forthcoming updates as it usually does.

More on Android:

FTC: We use income earning auto affiliate links. More.

Source…