July 31, 2014

Google Wallet vulnerability not just for rooted phones

google_wallet_vending_machine

A second Google Wallet vulnerability has been found today, hot on the heels of the previous reports of a PIN number exploit.  Initially thought to only be a flaw in rooted phones, this new vulernability affects and and all users running Google Wallet.

According to TheSmartphoneChamp it is very easy to get around the PIN number from the NFC payment application.  It’s as simple as clearing the data under application settings. Let’s pretend you just lost your phone for a moment, shall we?   Upon opening the app afterward, the user is asked to enter a new PIN. Once a new PIN has been created the bad guy can add a Google Prepaid Card tied to the handset and then potentially access available funds.  In other words, it’s like as if someone had found your real wallet and was then using the money or cards to pay for things.

Google was already aware of the initial problem but we get the feeling they will be issuing an update in short order.  Even though it affects a limited number of users, it’s scary to think how easy it is to get around at this time.

User your noodle, boys and girls.  If you don’t have a password-protected home screen or PIN number keeping you safe then you’ll want to add a layer of security to your apps.