Alert!!! Security hole found in PayPal's iPhone application

Daniel Doty
November 5, 2010

A security research firm has discovered several security problems with PayPal’s iPhone app, warning that hackers can use man-in-the-middle attacks to steal sensitive user data.

Even though it has been reported fixed by PayPal, I am not so sure I would continue using the PayPal application on the iPhone. People may want to wait this one out and make sure that it is okay to use.

Here is a blurb from the article:


According to an audit of the app by Chicago-based viaForensics, the vulnerability stems from the app’s failure to confirm the authenticity of PayPal’s website when communicating over the Internet.

Without that confirmation, a hacker could electronically step between a user and PayPal, pretend to be the PayPal website and gather usernames and passwords. The hacker would need to be in the same physical location as the user or have gained access to the same Wi-Fi network.

In practice, that could mean setting up a Wi-Fi hotspot in a location, such as a train station, and waiting for someone to use the network for a PayPal transaction on their iPhone app. It would be a fishing expedition, but the equipment and software needed is commonly available.

To find out more about this security issue, jump over to ZDNet and read the rest of the article.



