Recently, a zvelo senior engineer discovered a “significant security vulnerability” on Google Wallet. This discovery revealed the PIN numbers of its users. Considering that this app dealt with an individual’s finances, zvelo felt it was their responsibility to alert users of the mobile payment app. By posting their findings on their blog, zvelo did exactly that. In addition to this, they also posted a demo video on what the issue would do.
Thankfully, Google has already been notified of this and they have responded that they are working on a fix for the bug.
“The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
“We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.”
If you have a device that’s not been rooted, are you also experiencing the problem on your Google Wallet app?