Researchers at security firm Zvelo warned that Google Wallet PINs can be cracked in a few seconds on rooted Android devices.
According to a blog post made Wednesday by Joshua Rubin of Zvelo, the 4-digit PIN can be discovered by a brute-force attack in fewer than 10,000 attempts. This is a trivial task that would take only a few seconds even on a simple smartphone.
Joshua then explained that Android has security measures that limit the number of cracking attempts to 5, rendering this attack impossible. The problem is that those security measures can be bypassed easily on rooted devices.
In response to Joshua's findings, Google issued the following statement:
"The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone."