Google Wallet Hacked Again

Monday, February 13, 2012 @ 06:02 PM gHale


Google Wallet suffered from a hack that exposed a user’s PIN, but that was not the end as a second hack went online that works on non-rooted devices and requires no special hacking skills.

All someone has to do to access your funds is clear the data in app settings, which will force Google Wallet to prompt them to enter a new PIN, said security company Zvelo. Once the attacker enters a new PIN, he can add a Google Prepaid Card tied to the device and access any available funds.

RELATED STORIES
Rewards Mean Users Secure
Flaw in Google Wallet PIN Security
Breach Aftermath: Hijacked Sites
Google Secures Chrome 17
Chrome Loses SSL Query Capability

It sound almost too simple to be true, but in a test it worked easily. Google will be releasing an update shortly to address both issues.

Mobile blog TheSmartphoneChamp uploaded a video to YouTube that demonstrates the vulnerability.

If a users wants to protect his Android phone it is best to setup the lock screen and install a tracking software in case the device gets lost.

“We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card,” Google said in a statement. “We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”



Leave a Reply

You must be logged in to post a comment.