Latest Google Wallet hack picks your pocket

Researchers had just identified a brute-force way to crack Google Wallet PINs, and now there's another--and much easier--way to access a Wallet account.

Lance Whitney
Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
2 min read
Google Wallet hit by another hack.
Google Wallet hit by another hack. CNET/Marguerite Reardon

Google Wallet users might be wise to start getting a little nervous.

Yesterday, researchers outlined a complicated way to crack the Google Wallet PIN used to make purchases with the smartphone-based payment system. Now there's a new hack that could let a stranger gain access to the funds of Wallet users.

Described yesterday by blogging site The Smartphone Champ, the hack doesn't require extra software, root access, or any particular skills in general.

Instead, all someone apparently has to do it clear the data for the Google Wallet app in the smartphone's application settings menu. The app is then reset and will prompt the person to enter a new PIN the next time it launches. Since the Google Wallet information is linked to the device and not to the actual account, a person can then use the Google prepaid card already tied to the device to gain full access to the owner's funds, explained The Smartphone Champ.

This latest Google Wallet hack follows an earlier hack reported by security blogging site Zvelo.

That one, however, required root access to the device, something that requires a certain amount of time, effort, and skill (or luck) to acquire. But the new hack can be performed by anyone within a matter of minutes.

Android blogging site Android and Me tested the hack and found that it worked on a Galaxy Nexus phone with the latest official version of Google Wallet.

In response to the hack, a Google spokesman sent CNET the following statement:

"We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone."

People who lose their phones can be especially vulnerable to a quick hack like this. So Android and Me further suggests that Google Wallet users install a security tracking app such as Lookout so they can locate the phone if it ever gets lost.