Google Wallet has been hacked! Wallet Cracker, an application developed by Zvelo, is able to use brute-force attacks to reveal the Google Wallet PIN number which keeps the application secure. While this vulnerability is as serious as they come, it only affects Android handsets which have been rooted.
As soon as the vulnerability was discovered, Zvelo released its findings to the Google Wallet team who “agreed to work quickly to resolve it.” We do not know when Google Wallet will be updated to fix the PIN vulnerability, but we suggest you take some additional precautions to make sure your handset is secure just in case it falls into the wrong hands. Those of us who have been victims of credit card fraud know how quickly things can spiral out of control.
Google issued a response to The Next Web that said they are aware of the issue. We don’t know if Google is working on a fix yet, but suggested that users not install Google Wallet on rooted devices.
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.Google
How many of you are currently using Google Wallet on a rooted device?