It seems trivially easy to get access to an account of Googles mobile payment service Wallet. By the data in the app is stored to throw away for a new pin requested, making a hack is not necessary.
The application data can easily be discarded by going to the settings of the Android device. When an attacker than a prepaid debit card from Google Wallet link, access is obtained to the money that the user has already prepaid on his phone. Because prepaidtegoed is linked to the phone and not on a account, money remains available despite the reset of the application data.
Google raadt Wallet-users that their phone be lost to call the customer service for the prepaid cards that the company offers to block. This should the trick not work anymore. We are working on a software update which, according to the internetgigant is being quickly rolled out.
Recently came Wallet already in the news because a security firm had managed the pin to find out. There was a brute force attack is used for hashes of the pin to read. This technique proved to work only on Android devices that roottoegang, so that the impact remains limited. The newer method is, however, a lot simpler, and works for all users of Wallet. However, should see the Android device of the Wallet user in the hands of and access to the unit.