February 10, 2012, 10:42 AM —
Attendees watch a demonstration of the Google wallet application screen during a news conference unveiling the mobile payment system in New York May 26, 2011.
REUTERS/Shannon Stapleton
Simple, non-tech hack opens Google Wallet giving full access to phone funds.
Twice in two days, with different hacks, must be a record for security epic fail. First, there were reports of brute force attacks breaking the four digit PIN (Personal Information Number) on "rooted" Android phones. Rooting violates security recommendations, but many do it. This was troublesome, but not serious.
The second hack is serious (see video), and Google acknowledged the problem. A thief need only clear the data in your app settings, which causes Google Wallet to ask for a new PIN. Yes, ask the thief for a new PIN. That gives access to any Google PrePaid card resources. Google is working on an update, and suggests everyone use a PIN-based, not a swipe-based, screen lock.
Holy crap
This is a major security flaw, and a stupid one at that.
roofuskit on theverge.com
Erm, how many sets of eyes/hands has Google Wallet been past/through over at the Chocolate Factory? Must be at least several hundred people, evidently none of whom thought to check this,
Tony Barnes on theregister.co.uk
Collectively, after 30 or so years, we've just not caught on to IT security yet.
Graham Wilson on theregister.co.uk
Not worried
So, is this more dangerous than if I lose my ACTUAL wallet?
fritzo2162 on gizmodo.com
this is a issue that Google needs to fix, but I don’t think its as severe as its made out to be.
tekapo on theverge.com
even with all these vulnerabilities, your CC is a lot safer in your phone than in your physical wallet.
thaprinze on theverge.com
Security fail
Faildroid.
Microsoft on theverge.com
Posted on the same day as the article "lets kill cash... our moneyless future" haha!
tailsNZ on gizmodo.com
Maybe I’m missing something, but why not just force users to enter the PIN before the user can “clear the data” in the first place?
jonmilani on theverge.com
Other Google advice: don't lose your phone. Good luck with that.
