Google Wallet will temporarily stop provisioning prepaid credit cards to prevent the exploitation of a recently discovered vulnerability which allows crooks to siphon funds out of devices that are lost or stolen.
Google disabled the prepaid capability on February 10, a day after The Smartphone Champ blog exposed what it called a "painfully easy" exploit that allowed people to recover prepaid balances stored in Google Wallet without knowing the personal identification number protecting the app. To exploit the flaw, attackers need do nothing more than clear data from its settings menu and set a new PIN.
"The problem here is that since Google Wallet is tied to the device itself and not tied to your Google account, that once they set the new pin and log into the app, when they add the Google prepaid card it will add the card that is tied to that device," a blogger with the name Hashim wrote. "In other words, they’d be able to add your card and have full access to your funds."