Google has disabled parts of its Wallet service as the company looks to address a high-profile security vulnerability.
The company said it has temporarily disabled the use of prepaid cards on its retail platform as it looks to remedy a security flaw which could allow an attacker to steal users' credentials.
"To address an issue that could have allowed unauthorised use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards," the company said in a blog post.
"We took this step as a precaution until we issue a permanent fix soon."
The announcement follows a report from security researchers at zVelo on possible attack scenarios on Google Wallet. Researchers found that certain pieces of information the mobile handset versions of Google Wallet were left unencrypted.
When accessed, the researchers reported that modified or "rooted" handsets could be accessed by an attacker and key pieces of information could be lifted and then analysed to reveal a user's PIN.
Additionally, attackers found that the process allows for the PIN to be uncovered without the need for brute force attacks, negating Google's own limits on unsuccessful logins.
While a fix is being developed, zVelo has recommended that users avoid rooting their handsets and enable the "lock screen" and "full disk encryption" features as well as disabling USB debugging to limit outside access from potential attackers.
Following the disclosure, the company said that a number of mitigating factors will limit the scope and risk of a potential attack.
First, the Google Wallet platform is still early in its deployment phase and is currently limited to the Galaxy Nexus and Nexus X handsets.
Additionally, the company noted that the rooting process is not supported by Google and in "most cases" the rooting process will cause the Wallet Software to automatically disable itself.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software