Should have simply paid in cash.
Google Wallet is at the centre of a security flaw issue with the discovery that Google Wallet PIN information is stored on the phone itself. This means that a brute force attack can calculate the four-digit number without locking the phone as a result of invalid PIN entry attempts.
Zvelo is behind the discovery and has disclosed the issue to Google. This is a known issue that Google is attempting to resolve quickly.
The Near Field Communications (NFC) system was originally designed to make payments more secure. NFC payment systems allow users to make payments with their NFC enabled device on a PayPass reader or a small electronic box. The Google Wallet PIN is required to allow users to confirm purchases made with their phones.
Currently, Google Wallet is only available on one phone and on one network: the
Samsung Galaxy Nexus S 4G on Sprint in the United States. Other wireless providers including AT&T, Verizon, and T-Mobile have not allowed the Google Wallet app on their smartphones.
Thankfully the security flaw is only truly worrying if you rooted your phone. In this instance, you are advised to enable the lock screen on your phone and not to lose the phone itself.