PayPal rushes to fix a critical security flaw in its latest iPhone app
PayPal has uncovered a critical security flaw in the latest version of its iPhone application, which it released last week. The flaw allows a hacker to access users' accounts and their account passwords, and stems from the fact that the app doesn't check the authenticity of the digital certificate for PayPal's website while communicating with it. For someone to access your data, you'd have to be using the app on an unsecured Wi-Fi network, and they would pretty much have to have embarked on a fishing expedition across that hotspot, but it can be done. Someone with malicious intent could then pose as PayPal, and the app wouldn't know the difference.

PayPal discovered the issue late last night and has already sent a patched version of its app to Apple for approval. It should become available in the iTunes App Store shortly. A PayPal spokeswoman said that the flaw doesn't seem to have affected anyone (yet?).
[via WSJ]












Comments
Aemony, Nov 4th 2010 1:21AM
Do people in the U.S. regularly use unsecured Wi-Fi networks because of (what I've understood) the no data limit 3G plans being so expensive? Luckily here in Sweden you can get a no data limit plan with Turbo 3G for only $36 extra a month. That's 10 Mbps with absolutely no limits whatsoever.
With that I have no need to browse on unsecured Wi-Fi networks, and am automatically protected from all these latest threats from using open networks.