Security systems seem to fall quickly with today's tech, but this particular bit of news makes you wonder how such an obvious design flaw made it past Google to begin with. Just one day after we found out about an exploit in Google Wallet that would allow a phone thief to "brute force" hack his way into your mobile wallet account, a far easier method than the previous one has been discovered. In fact, this easier method doesn't even require your phone to be rooted, nor does it require the thief to be very tech-savvy at all. Here's a quote from the Talk Android article with the details,
That's pretty scary, and what is even more scary is that this has been confirmed by multiple sources, and Google even issued a statement on the issue,Basically all individuals have to do to access a user’s funds is clear the data in the app settings— which forces Google Wallet to prompt them to enter a new PIN. After the new PIN is entered, it’s as simple as adding a Google Prepaid Card tied to the device and then there the ability to access any available funds.
You can see the exploit in action in the video above. Hmmm... if I wanted to use the Google Wallet service, I think I would consider waiting until Google worked out a fix for this. What do you guys think?”We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
Source: Android.net via TalkAndroid