Google Wallet vulnerability expands to stock Android phones
updated 06:40 pm EST, Thu February 9, 2012
Bug allows users to create new PIN
Yet another Google Wallet vulnerability has been spotted, just one day after security researchers published details of a similar issue that only affects rooted devices. The latest vulnerability is claimed to affect all Android devices, however, including those running stock software.
The issue enables potential thieves to gain access to someone's Google Wallet account without knowing the PIN or using a cracking tool. After clearing the data for the Google Wallet app, the user can simply restart the app and enter a new PIN before making payments using the handset owner's payment account.
Google is believed to have already issued an update that resolves the problem with rooted handsets, however the fix is said to be pending approval from hardware manufacturers. In either case, users can protect their accounts by placing a passcode on the Android unlock screen. [via AndroidGuys]
Fresh-Faced Recruit
Joined: Apr 2001
Google will fix it
Google developers will have a fix by next week. Then, it'll take the hardware vendors six months to get it on their phones, and another three months for your cell phone service provider to download it on your phone.
That's if your phone isn't considered obsolete because it's over six months old.