Feb 09 AT 1:54 PM Taylor Wimberly 30 Comments

Google Wallet hacked again, no root access required this time

google-wallet-hack

Early this morning security frim  Zvelo revealed a hack for Google Wallet that exposed a user’s PIN. Fortunately this vulnerability only affected rooted phones, as Google was quick to point out to The Next Web. Now a second hack has been posted online that works on non-rooted devices and requires no special hacking skills.

Mobile blog TheSmartphoneChamp uploaded a video to YouTube that demonstrates the vulnerability. All someone has to do to access your funds is clear the data in app settings, which will force Google Wallet to prompt them to enter a new PIN. Once the new PIN has been entered, they can add a Google Prepaid Card that is tied to the device and access any available funds.

It sound almost too simple to be true, but I tested it on my Galaxy Nexus with the latest official version of Google Wallet and it works like a charm. We expect Google will be releasing an update shortly to address both issues.

As a reminder, if you want to protect you Android phone it is best to setup the lock screen and install a tracking software like Lookout in case you ever lose your device.

Update: Google has provided us with the following statement:  “We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.

Source: TheSmartphoneChamp

Taylor is the founder of Android and Me. He resides in Dallas and carries the Samsung Galaxy S 4 and HTC One as his daily devices. Ask him a question on Twitter or Google+ and he is likely to respond. | Ethics statement

    Most Tweeted This Week