PayPal iPhone App Updated To Fix Major Security Flaw
PayPal has released an update for its iPhone app to fix a major security flaw that could allow hackers to access users’ usernames and passwords when users are connected over unsecured Wi-Fi networks.
PayPal, the internet payment provider of choice for millions of people around the globe, released an iPhone app back in March 2010.
The iPhone app included features such as Bump to “Send Money” and “Split the Check” – all aimed at making it easier to conduct online transactions securely within the confines of the iPhone.
Wall Street Journal reports:
The hole stems from the app’s failure to confirm the authenticity of PayPal’s website when communicating over the Internet—a basic lapse that the security researcher who found the flaw said would allow someone to access the accounts of unsuspecting users.[..]
The security flaw results from the app’s failure to verify the digital certificate for the payment service’s website, which is used to verify if a website is legitimate. So without this confirmation, a hacker on the same unsecured Wi-Fi network as the user could gather usernames and passwords.
PayPal spokeswoman Amanda Pires has clarified that the issue hasn’t affected any user so far but has also assured users that PayPal would reimburse any losses due to fraudulent activity caused by this security flaw.
With monetary transactions using mobile devices increasing day by day, this incident should serve as an eye-opener to companies that are offering or planning to offer their payment services on smartphones.
If you use PayPal’s iPhone app, we recommend that you download the update (iTunes link) as soon as possible.