Fresh off bad news concerning the vulnerability of rooted Android phones, Google Wallet is trying to douse another fire. Last week, blog The Smartphone Champ reportedly found a major flaw in Google Wallet’s prepaid cards — a hack that even a relative Luddite could pull off.
Say a stranger finds your Galaxy Nexus on the ground. According to the blogger, if the screen is unlocked, all that person has to do is go into the Google Wallet application settings menu and clear its data. The next time the app is opened, it prompts the user to reset the PIN, after which the thief has full access to any money in the prepaid account.
If the Smartphone Champ’s poorly lit video failed to convince anyone this is a real threat, Google’s actions indicate that Google Wallet users should be concerned. Over the weekend, Osama Bedier, vice president of payments at Google, issued this statement:
… to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.
Granted, nobody’s yet hacked a non-rooted, non-prepaid account, but these are warning signs for Google Wallet and near-field communications (NFC) payments in general. Still, as Google and many security experts have already noted, you’d probably rather a thief find your phone with Google Wallet on it than your actual wallet filled with plastic credit cards.