Over the last week we first reported a security flaw in Google Wallet’s PIN verification system: on rooted devices that carry Google Wallet, the PIN verification can be cracked using an app that is freely available online. A second vulnerability was then reported: all a person who wants to access your Google Wallet has to do is go into the application settings menu and clear the data for the Google Wallet app. Once that is done, the Google Wallet app is reset and prompts you to set a new PIN the next time you open it. In response to the issue, Google said it “strongly discourages” users from modifying their Android device, as “the product is not currently supported on rooted phones.”
Zvelo, the company that identified the payment issue, stated, “While it is true that this PIN vulnerability requires root privileges to succeed, it does not require that the device be rooted previously.” It added, “We were able to test this code and achieve root permissions on our Galaxy Nexus running the latest stock ICL53F without losing any preexisting data on the device. This would enable a malicious app to access the Google Wallet PIN, and any other data on a vulnerable device without it being pre-rooted.”
“There are almost certainly other privilege escalation vulnerabilities within Android and iOS and it is likely just a matter of time before they are discovered and become publicly known. It would be better to take a more defensive approach to securing mobile devices that assume that such vulnerabilities will continue to be found and exploited.”
The company pointed to both the Android and iOS security models, indicating the access levels that device users must have under them. On account of the second issue, Google has already suspended the issuing of prepaid cards for Google Wallet accounts.