Google Wallet, which replaces the traditional wallet and makes mobile payments, online transactions and shopping easier, has a vulnerability, according to the latest research.
Google Wallet is protected by a PIN as well as the phone’s lock screen, if the user has enabled the option. This security feature allows five invalid PIN entry attempts before locking the user out. According to a recent report, the system has a vulnerability through which the PIN can be revealed without any invalid attempts. This bypasses the entire security functionality of the smartphone and grants access to Google Wallet without the user having to enter the PIN.
Rubin developed an app dubbed Wallet Cracker that he says can break the four-digit PIN required to launch the Google Wallet app. He demonstrated how it works in a video on his blog. Rubin said that he had disclosed his findings to Google and that the company “was able to confirm the issue and agreed to work quickly to resolve it.”
He stated that the attack was theoretically possible if a hacker were able to physically steal a user’s phone.
Jimmy Shah, a security researcher for McAfee, said it would take some amount of time for the hacker to install the Cracker app along with a piece of malware in order to disable the phone’s security system. The hacker, however, would still need the user’s phone in order to make payments using the stolen Google Wallet.
This threat only applies to Android devices that have been “rooted”. So, all you Android freaks, watch out! Rooting isn’t recommended for amateurs and is usually fruitful only for software geeks. So, to some extent, “rooting” your phone always comes with risks and also violates the warranty.
Google has consistently warned users about the threat. Google has issued the following statement regarding the new method:
“We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
Currently, you can only link a Citibank MasterCard to your Google Wallet account for payments. If you don’t have one of those cards, Google provides a prepaid card that acts as a credit card, to which you can transfer money from any of your existing accounts (Citibank or any other creditor). The problem is that once you link your prepaid account to that phone, the linking data stays inside the phone, even after the phone has been wiped of all your personal information.