We told you yesterday that security firm zVelo was able to demonstrate a hack that would allow a user to bypass Google Wallet’s PIN verification system on a device with root access. We followed up with reports that Google was working on a fix for the bug. Now, a new hack posted online claims to allow access to Google Wallet without the need for root access, which further allows anyone to easily access funds in a few steps. TheSmartphoneChamp reported (via AndroidandMe):
The security flaw is painfully easy to do and requires no extra software nor does it require root. All a person who wants to access your Google Wallet has to do is go into the application settings menu and clear the data for the Google Wallet app. After doing that your Google Wallet app will be reset and will prompt for you to set a new pin the next time you open it. The problem here is that since Google Wallet is tied to the device itself and not tied to your Google account, that once they set the new pin and log into the app, when they add the Google prepaid card it will add the card that is tied to that device.