Last week two different hacks were uncovered for Google Wallet. One, required the phone to be rooted and the hacker to have physical access to an unlocked phone. The second hack was far more sinister, not requiring the phone to be rooted, involving clearing the data in app settings. Google has officially plugged up the second hack, restoring users ability to use prepaid cards with Google Wallet again.
The more recent hack, discovered late last week, allowed a hacker to reset the Google Wallet PIN. This was accomplished by clearing the data in the app settings for Google Wallet. Once this was done the app would get confused and prompt the user to enter a new PIN number. After resetting the PIN the hacker could link a prepaid card to the account and automatically have access to that payment method as well as all the other information previously stored in that user’s wallet.
That hack did not require the phone to be rooted and it was independently confirmed by a number of users as well as Google themselves. In response Google disabled the use of prepaid cards with Google Wallet to try and put a stop to the exploit while they worked on a fix.
Google has now fixed the security hole that allowed this hack to happen which means prepaid cards are once again okay to use with Google Wallet. The statement regarding this issue on the official blog for Google Wallet read,
“Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user. While we’re not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers. If you are unable to access your previous prepaid card balance for any reason, please contact our toll-free support for assistance.”
The fix doesn’t account for the other “hack”, originally uncovered by zvelo. That hack seems to be far less of a concern because it requires someone who has a good amount of knowledge, and physical access to an unlocked, rooted phone with Google Wallet to be used.
0 Comments on Google Wallet ‘data clear’ security hole plugged
Most popular headlines
Windows Blue to allow boot to desktop and brings start menu back? (3)
- Tue 16 Apr 16:12 by DoMiN8ToR
- Software, Windows 8
The upcoming update of Windows 8 might allow users to boot to the desktop again.
Jobs in US entertainment industry on all-time high - piracy?! (8)
- Fri 12 Apr 15:10 by DoMiN8ToR
- Piracy
The number of jobs in the film and music industry in the United States has increased despite the claimed negative effects of illegal downloads.
The Piratebay domain moves to Greenland - circumvents blockade (3)
- Tue 9 Apr 14:23 by DoMiN8ToR
- Piracy
The PirateBay has moved to the domain thepiratebay.gl in fear that their previous domain would be ceased by Swedish authorities
Intel 9 series chipset has native SATA Express (SATA over PCIe) support (2)
- Wed 17 Apr 13:57 by DoMiN8ToR
- Solid State (ssd)
A Chinese tech site has posted a picture that reveals details on Intel's 9 series chipset.
