February 10, 2012, 10:42 AM —
Simple, non-tech hack opens Google Wallet giving full access to phone funds.
Twice in two days, with different hacks, must be a record for security epic fail. First, there were reports of brute force attacks breaking the four digit PIN (Personal Information Number) on "rooted" Android phones. Rooting violates security recommendations, but many do it. This was troublesome, but not serious.
The second hack is serious (see video), and Google acknowledged the problem. A thief need only clear the data in your app settings, which causes Google Wallet to ask for a new PIN. Yes, ask the thief for a new PIN. That gives access to any Google PrePaid card resources. Google is working on an update, and suggests everyone use a PIN-based, not a swipe-based, screen lock.
Erm, how many sets of eyes/hands has Google Wallet been past/through over at the Chocolate Factory? Must be at least several hundred people, evidently none of whom thought to check this,
Tony Barnes on theregister.co.uk
Other Google advice: don't lose your phone. Good luck with that.