This week, a few new vulnerabilities were discovered in Google Wallet. The first requires that the device be rooted to allow someone near you to enable the stealing of a Google Wallet PIN. That exploit is about as easy to take advantage of as the last one we discussed, so we won't go into a lot of detail.
For those who do not know, Google Wallet allows for payment through a Citi Mastercard, a gift card or a Google prepaid card. The Google card allows you to tie any other form of payment, credit or debit from any company, as the funding method, allowing for payment through virtually any card. This third payment method, plus Google's tendency to not think before they act, are what allow a thief access to your money.
To find out how and hear Google's response, hit the break.
All that is required to gain access to all of your payment information is to steal the phone and wipe your settings. Yes, erasing your Google Wallet preferences is what allows a thief to make payments using your card. Once the settings are erased (mostly) and a new user attempts to setup an account on the device, your information will be pre-populated into the form.
Google, in response to the issue, said,
We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.
So, if you decide to sell your phone, call Google first so they can fix their latest mistake. That's convenient. I always call the OS manufacturer to inform them that I am selling my phone and ask what they may have done wrong that could lead to my credit card information being stolen. Actually, I always buy phones from companies I can trust - that's what I meant.