Two flaws in the Google Wallet payment service have recently been revealed.
The Zvelo security blog discovered that a ‘rooted’ Google Nexus S could have the encrypted PIN code broken if the phone was stolen. This would give the thief access to the user’s Google account, although simply setting a screen lock would prevent this.
A more widespread risk was noted by The Smartphone Champ, which found that Google Wallet was registered to a specific mobile device. Resetting the data for Google Wallet results in it prompting for a new PIN but using the original payment card details; a problem that would also occur if a compatible second-hand NFC Android phone was sold to a new user.
Google Wallet is currently a US-based service and hasn’t been launched in the UK.