Skip to main content

Google Wallet cracked again, this time without root access

[youtube=http://www.youtube.com/watch?feature=player_embedded&v=Rh1ytHrhj2E]

We told you yesterday that security firm zVelo was able to demonstrate a hack that would allow a user to bypass Google Wallet’s PIN verification system on a device with root access. We followed up with reports that Google was working on a fix for the bug. Now, a new hack posted online claims to allow access to Google Wallet without the need for root access, which further allows anyone to easily access funds in a few steps. TheSmartphoneChamp reported (via AndroidandMe):

The security flaw is painfully easy to do and requires no extra software nor does it require root. All a person who wants to access your Google Wallet has to do is go into the application settings menu and clear the data for the Google Wallet app. After doing that your Google Wallet app will be reset and will prompt for you to set a new pin the next time you open it. The problem here is that since Google Wallet is tied to the device itself and not tied to your Google account, that once they set the new pin and log into the app, when they add the Google prepaid card it will add the card that is tied to that device.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s weekly Logic Pros series and makes music as one half of Toronto-based Makamachine.