Late last night we posted up a story about how easy it would be for a person to jack your PIN on Google Wallet. The original story was focused on rooted devices only. Later, it was revealed that a person could easily jack your Google Wallet account on a stock phone as well. The newest information doesn’t have any special hackery skills involved at all.
TheSmartPhoneChamp site posted a video on YouTube that demonstrates how stupid easy it is to utilize the security vulnerability. The thief would need to snag your device for just a moment and clear the apps data in the settings. That forces Google Wallet to prompt for a new PIN. Once they set a new PIN, all that is left is adding a Google Pre-Paid card to tie the device and card together.
As simple as it sounds, it is true. Taylor Wimberly at AndroidandMe gave it a shot on his stock Gnex and it worked like a charm. Now that another security hole has been discovered in Google Wallet, we fully expect Google to be issuing an update soon. Before, when it was root only they were covered. Now that a stock device has an even easier way to steal a PIN floating around they better get a solution in place ASAP.
To help protect yourself from this new type of thievery, you can always set up a lock on your lockscreen, but we know that is a pretty big headache at times. Your other option, don’t use/install Google Wallet till it is patched up somehow. Seems no one is safe anymore. Check out the quick video below of how stupid easy this is.
Source: TheSmartPhoneChamp via AndroidandMe