| Recurring |
one_organization |
(a) The software failure incident related to cracking a Google Wallet PIN using a brute force attack on a rooted device was specific to Google Wallet. The incident occurred with a device that was rooted, and Google mentioned that there was no known vulnerability that would allow someone to gain root access while preserving Wallet information such as the PIN. Google is working on a fix for this issue and has advised users not to root their phones and to set up a screen lock on the device to enhance security [10158].
(b) There is no information in the provided article about the software failure incident happening at other organizations or with their products and services. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase is evident in the discovery by researchers at security firm zvelo that they could crack a Google Wallet PIN using a brute force attack on a rooted device. This vulnerability was identified as a result of the security mechanisms being disabled by rooting the device, which introduced a flaw in the design of Google Wallet's protection measures [10158].
(b) The software failure incident related to the operation phase is highlighted in the article by mentioning that someone would have to get physical access to the device and install password cracking software on it to get to the PIN. This indicates that the failure could occur due to the operation or misuse of the device by unauthorized individuals attempting to root the device without the owner's permission, leading to potential security breaches [10158]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident related to the Google Wallet PIN being crackable through a brute force attack on a rooted device is primarily within the system. The vulnerability was discovered by researchers at zvelo who conducted the study on their own phone by disabling the security mechanisms that protect Google Wallet through rooting the device [10158]. This indicates that the failure originated from within the system itself, highlighting a flaw in the security measures of Google Wallet.
(b) outside_system: The software failure incident does not seem to have contributing factors that originate from outside the system. The article does not mention any external factors or actors that played a role in the vulnerability of the Google Wallet PIN. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident in the article is related to non-human actions. The failure was due to the security mechanisms being disabled by rooting the device, which allowed for a brute force attack on the Google Wallet PIN. This vulnerability was discovered by researchers at zvelo on their own phone where they disabled the security mechanisms [10158]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident in the article is related to hardware as it mentions that the Google Wallet PIN can be cracked using a brute force attack on a device that is "rooted," which means freed of security restrictions imposed by wireless carriers. This indicates that the vulnerability exploited in this incident originates from the hardware aspect of the rooted device [10158].
(b) The software failure incident is also related to software as it discusses the security mechanisms that protect Google Wallet being disabled by rooting the device. This indicates that the software aspect of the device's security mechanisms was compromised, leading to the vulnerability exploited in the incident [10158]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident described in the article is non-malicious. The incident involved researchers at security firm zvelo discovering a vulnerability in Google Wallet that allowed for cracking a PIN using a brute force attack on a rooted device. The researchers conducted the study on their own phone by disabling security mechanisms to root the device, highlighting a flaw in the system that could potentially be exploited. Google is working on a fix for the vulnerability and advises users not to root their phones and to set up additional security measures [10158]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident related to the Google Wallet PIN being crackable through a brute force attack on a rooted device can be attributed to poor decisions. This is evident from the fact that the vulnerability was discovered due to the security mechanisms being disabled intentionally on the researchers' own phone by rooting the device [10158]. Additionally, the incident highlights the potential risks associated with rooting devices and the importance of maintaining security measures to prevent such vulnerabilities. |
| Capability (Incompetence/Accidental) |
unknown |
(a) The software failure incident related to development incompetence is not evident in the provided article. The incident described in the article is related to a security vulnerability discovered by researchers at zvelo in Google Wallet, where a PIN could be cracked using a brute force attack on a rooted device. The article mentions that Google is working on a fix for the vulnerability and advises users not to root their phones and to set up a screen lock on the device. There is no indication of the failure being due to development incompetence.
(b) The software failure incident related to an accidental factor is not explicitly mentioned in the provided article. The incident described in the article is about the security vulnerability in Google Wallet discovered by researchers at zvelo. The vulnerability was identified through a study conducted by zvelo on their own phone where they disabled security mechanisms by rooting the device. The article does not suggest that the vulnerability was accidentally introduced but rather highlights the specific conditions under which the PIN could be compromised. |
| Duration |
temporary |
The software failure incident described in the article is more temporary than permanent. The incident involves a vulnerability in Google Wallet that allows for PIN cracking through a brute force attack on a rooted device. However, the article mentions that Google is working on a fix for the issue and advises users not to root their phones and to set up additional security measures. This indicates that the failure is not permanent but rather temporary, as measures are being taken to address and mitigate the vulnerability [10158]. |
| Behaviour |
value |
(a) crash: The article does not mention any crash of the Google Wallet software. [10158]
(b) omission: The software failure incident related to the Google Wallet PIN being cracked through a brute force attack does not involve the system omitting to perform its intended functions. [10158]
(c) timing: The incident does not involve the system performing its intended functions too late or too early. [10158]
(d) value: The software failure incident is related to the system performing its intended functions incorrectly, as the PIN was compromised through a brute force attack. [10158]
(e) byzantine: The incident does not involve the system behaving with inconsistent responses and interactions. [10158]
(f) other: The behavior of the software failure incident in this case is related to a security vulnerability that allowed the Google Wallet PIN to be cracked through a brute force attack on a rooted device. [10158] |