I just came across this article from last February regarding Google Wallet and how the PIN is kept on the O/S instead of on the NFC chip. Supposedly only rooted phones are susceptible because of access to the file system, and a brute-force attack could be accomplished rather efficiently given this is only a 4-digit PIN. My question is: has this been changed by a security update from Google, or is this something we all should be concerned about?
Thanks
It's been a while since this was out, but as I recall, it was only an issue for prepaid cards. If you added funds to your prepaid card, someone could technically gain access and use whatever amount was left on the card. That was it.
With the newest version, you can disable wallet for a given device from your Google account. You can also remove any credit cards associated with the Wallet app.
The thing to remember is this: These hacks required access to your phone. It wasn't like someone was remotely tapping into Wallet and had free rein to your bank account. Google Wallet still seems more secure than your wallet in your back pocket. At the very least, it's just as safe.
I'm not giving a free pass to Google. They should and have - AFAIK - fixed any known issues with Wallet. But this "security issue" was never any worse than someone losing their wallet or purse. If you lose your phone, regardless of how secure the Wallet app is, you'll still want to immediately disassociate the phone from Wallet, or remote wipe it if you can. (And to be absolutely safe, report any associated cards as stolen.)