Second Major security flaw found in Google Wallet….Rooted or not No One is safe (Video)

February 9, 2012 in Commentary, News by Hashim Fannin


Yesterday a story was run regarding a brute force method of accessing a person’s Google Wallet pin on their device.  Fortunately this doesn’t effect most people since you must be rooted for it to affect you.  However, there is yet another security vulnerability in Google Wallet that affects all users regardless of if they are rooted or not.  The security flaw is painfully easy to do and requires no extra software nor does it require root.  All a person who wants to access your Google Wallet has to do is go into the application settings menu and clear the data for the Google Wallet app.  After doing that your Google Wallet app will be reset and will prompt for you to set a new pin the next time you open it.  The problem here is that since Google Wallet is tied to the device itself and not tied to your Google account, that once they set the new pin and log into the app, when they add the Google prepaid card it will add the card that is tied to that device.  In other words, they’d be able to add your card and have full access to your funds.  This vulnerability is particularly bad as it does not require root or an other software in order to gain access to your Google Wallet.  All a person needs to be able to do this is access to your phone and within 1-2 minutes they will have complete access to your Google Wallet account.

Be Sociable, Share!