A senior engineer within zvelo, a leading provider of website categorization, URL database and real-time malicious website detection solutions for the OEM market, has discovered a significant security vulnerability in the Google Wallet mobile phone payment system.
The engineer cracked and exposed the Google Wallet 4-digit PIN needed in order to authorize and process mobile phone payments. This PIN is intended to serve as the differentiating and additional security component that traditional, physical credit cards do not provide.
zvelo immediately disclosed its findings to Google who confirmed the PIN vulnerability and moved quickly towards releasing a fix.