A new exploit has been discovered that allows
unauthorized access to a user's Google Wallet account with a simple hack that
can be performed by anyone in a matter of minutes. A security firm recently
exposed a Google Wallet vulnerability that allowed hackers to bypass PIN
protection, but the vulnerability is only present on rooted Galaxy Nexus
handsets. This new exploit, however, does not require a handset to be rooted,
which leaves all Google Wallet users exposed. Read on for more. As mobile blog
The Smartphone Champ explains, the newly
exposed security hole allows someone to simply reset a user's Google Wallet
password by clearing the Google Wallet application data from within the phone's
settings menu. A user's Google Wallet PIN is not required to wipe this data and
once the information has been cleared, the handset will prompt the user for a
new PIN without first requiring that the old PIN be entered. Anyone who performs
this simple procedure will be able to access funds on the original user's Google
prepaid card.
A Google spokesperson acknowledged the
vulnerability and gave the following statement to
Android and Me: “We strongly encourage anyone who loses or wants to sell
their phone to call Google Wallet support toll-free at 855-492-5538 to disable
the prepaid card. We are currently working on an automated fix as well that will
be available soon. We also advise all Wallet users to set up a screen lock as an
additional layer of protection for their phone.”