Recently a Google Wallet vulnerability was announced that allows an attacker to crack a users 4-digit pin quickly. The PIN is used to protect users against unauthorized purchases which creates a waterfall for anyone wanting to steal cash through your device.
Cracking the Google Wallet PIN is only possible (according to Google) if the device is rooted and does not have some sort of lock screen security enabled. If this is the case then anyone can install an app on your device that will reveal the 4-digit PIN that you have created for Google Wallet. After that the hacker can just spend you money through your phone all day long.
Google is aware of the issue and is working on a fix now. They did however offer a statement for users to take note of:
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.
What it comes down to is if your using a rooted device don’t put Google Wallet on it until there is a fix for the loophole. According to Google if your running your stock Android ROM you have nothing to worry about. We say either way just make sure you don’t lose your phone or let people use it you don’t trust and you should be good.
I wonder if the moneto app has the same issue.