Published February 10, 2012
A new exploit has been discovered that allows unauthorized access to a user’s Google Wallet account with a simple hack that can be performed by anyone in a matter of minutes. A security firm recently exposed a Google Wallet vulnerability that allowed hackers to bypass PIN protection, but the vulnerability is only present on rooted Galaxy Nexus handsets. This new exploit, however, does not require a handset to be rooted, which leaves all Google Wallet users exposed.
As mobile blog The Smartphone Champ explains, the newly exposed security hole allows someone to simply reset a user’s Google Wallet password by clearing the Google Wallet application data from within the phone’s settings menu. A user’s Google Wallet PIN is not required to wipe this data and once the information has been cleared, the handset will prompt the user for a new PIN without first requiring that the old PIN be entered. Anyone who performs this simple procedure will be able to access funds on the original user’s Google prepaid card.
A Google spokesperson acknowledged the vulnerability and gave the following statement to Android and Me: “We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”