A few days ago, we told you about a bug in Google Wallet which allows anyone who gets their hands on your phone to access your prepaid cards. This could be accomplished on any stolen or lost phone, rooted or not, providing the user did not set a lock screen. But Google have responded rather quickly and Google Wallet users can now breathe easier.
After previously disabling the provisioning of new prepaid cards, Google has now restored the ability to issue new prepaid cards in Google Wallet, and has also issued a fix that prevents re-provisioning of a prepaid card to another user.
Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user. While we’re not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers. If you are unable to access your previous prepaid card balance for any reason, please contact our toll-free support for assistance.
Last week, two Google Wallet hacks were exposed. The first one compromised the user’s PIN number, but required a rooted device and some more advanced knowledge to perform it. The second one, described above, could be easily done on any phone by anyone.
While Google’s fix does not take care of the first hack, it does take care of the more pressing issue of the prepaid cards. Google stresses again that Google Wallet is not supported on rooted phones, and encourages anyone who has encountered a problem or has a suspicion, to contact their toll-free support.
Do you feel it’s safe to continue using Google Wallet?
Source: Google Commerce Blog