If you use Google Wallet on your Android device, keep a good eye on your phone. As revealed in a video by the blog The Smartphone Champ, a vulnerability in Google Wallet allows anyone who finds your phone to easily access your funds on a Google prepaid card.
With this hack, all a person has to do in order to access your Google Wallet is go to your phones application settings, find the Google Wallet app and choose to clear all its data. This will reset the app, and the next time it’s opened, it will ask the user to create a new PIN, as if it’s running for the first time. And here is the catch, Google prepaid cards are not tied to your Google account, but to the device itself, so when a new PIN has been set, the card can be easily added back, along with access to your funds.
Earlier this week, another hack was exposed by security blog Zvelo, which compromises the Google Wallet PIN number. This method, however, requires the device to be rooted, which renders the whole operation much harder to execute. This new method, however, can be used by literally anyone.
According to CNET, Google has released the following statement:
“We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
So if you use Google Wallet, keep your eyes on your device (even more than usual), at least until Google fixes this problem.