updated 06:40 pm EST, Thu February 9, 2012
Bug allows users to create new PIN
Yet another Google Wallet vulnerability has been spotted, just one day after security researchers published details of a similar issue that only affects rooted devices. The latest vulnerability is claimed to affect all Android devices, however, including those running stock software.
The issue enables potential thieves to gain access to someone's Google Wallet account without knowing the PIN or using a cracking tool. After clearing the data for the Google Wallet app, the user can simply restart the app and enter a new PIN before making payments using the handset owner's payment account.
Google is believed to have already issued an update that resolves the problem with rooted handsets, however the fix is said to be pending approval from hardware manufacturers. In either case, users can protect their accounts by placing a passcode on the Android unlock screen. [via AndroidGuys]