Vulnerabilities Uncovered in PayPal's iPhone App

Flaw allows hackers to intercept user passwords; PayPal has prepared a fix that users can download.

viaForensics' new appWatchdog service has found vulnerabilities in PayPal's mobile payment application for the iPhone that could allow a hacker to intercept users' passwords.

According to the Wall Street Journal, the hole stems from the app's failure to confirm the authenticity of PayPal's website when communicating over the Internet, a basic lapse that the security researcher who found the flaw said would allow someone to access the accounts of unsuspecting users.

"PayPal spokeswoman Amanda Pires said the eBay Inc. unit verified the vulnerability Tuesday night and sent a new version of the app to Apple Inc.'s App Store that users will have to download," the article stated. "PayPal also said it would reimburse 100% of any fraudulent activity."

The vulnerability only affects iPhone users connecting over unsecured Wi-Fi networks, according to PayPal. A hacker could set up a Wi-Fi hotspot in a location, such as a train station, and wait for someone to use the network for a PayPal transaction on their iPhone app. PayPal said its iPhone app has been downloaded more than four million times since it was released in April. In October, the company said it expects more than $700 million in mobile payments to go through its system by the end of this year.

This security oversight follows on the heels of PayPal's service outage last Friday, which prevented merchants from processing PayPal payments for several hours. According to a blog post written by Scott Guilfoyle, PayPal's CTO, the outage was the result of a network hardware failure in one of PayPal's data centers. "We were not able to switch over to our backup systems as quickly as planned," he writes.