Over the last day or so, there’s been a lot of talk about security flaws in Google Wallet.
It began with a hack that only affected people who rooted their Android phones. Google’s answer to that was to ask users not to install Google Wallet on rooted devices, which is a pretty reasonable request.
But now there’s an even easier hack that affects all devices running Google Wallet, whether they’re rooted or not. TheSmartphoneChamp discovered a vulnerability that’s almost too easy to perform. It gives the hacker access to the funds on your prepaid Google card.
If your phone is lost, all a thief has to do is go into the Google Wallet app’s settings and clear the data. When the app is relaunched, the PIN can be reset, providing full access to your account.
In a statement to Android And Me, Google said it was aware of the flaw and is now working on a fix:
“We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
So how can you protect yourself in the meantime? Besides not losing your phone, your best bet is to enable your phone’s password lock. If a thief can’t unlock your phone, there’s no way he can hack your Google Wallet.
Here’s a video from TheSmartphoneChamp of the hack in action: