Google Wallet, the NFC (Near Field Communication) payment service from Google, has a reported flaw. Google Wallet requires a 4-digit PIN to access the Wallet account, and it has been reported that the Wallet PIN can easily be hacked. Google's argument is that this flaw was identified on a mobile phone that had been rooted (by the owner) and hence is of low risk. Also, the credit card account has its own security features.
The most shocking news is another vulnerability in how the user can change the PIN for accessing the Google Wallet account. The credit card information and the Wallet PIN are mapped to a user device and not a Google Account (it's very hard to believe why Google has done this, given that it always ties all user activity to a Google Account). So anyone holding your NFC-enabled phone with Google Wallet can access the application settings and change the PIN. Since I am not a Google Wallet user, I am not sure how it works. However, I would expect Google to ask for the user's previous PIN before accepting the new PIN. If it does not ask, then it's a real dumb piece of code.