PayPal Races To Fix IPhone App Security Flaw

November 3, 2010 at 2:45 pm PT

  • Share on Facebook
  • Share
  • Print

Internet-payment provider PayPal said its iPhone application contained a security flaw that could allow a hacker to access users’ accounts and has rushed out an update to correct the problem.

The hole stems from the app’s failure to confirm the authenticity of PayPal’s website when communicating over the Internet–a basic lapse that the security researcher who found the flaw said would allow someone to intercept passwords from unsuspecting users.

PayPal spokeswoman Amanda Pires said the eBay Inc. unit verified the vulnerability Tuesday night and has fixed the problem after being notified by The Wall Street Journal. PayPal sent the fixed version of the app to Apple Inc.’s App Store. “To my knowledge it has not affected anybody,” Ms. Pires said. “We’ve never had an issue with our app until now.”

A hacker would need skill and luck to make use of the vulnerability, which only affects users of the iPhone app connecting over unsecured Wi-Fi networks. It doesn’t affect the company’s Android app or users of the PayPal.com website.

Read the rest of this post on the original site

Tagged with: Amanda Pires, Android, app, App Store, Apple, application, digital, eBay, flaw, frontpage, hacker, hardware, Internet, iPhone, passwords, PayPal, security, software, Spencer E. Ante, telecom, The Wall Street Journal, users, vulnerability, Web site, Wi-Fi

Must-Reads from other Web sites

Mitch Lasky

Should Venture Capital Fund Games Companies?

Mitch Lasky, Venture Capitalist, Benchmark

Wade Roush

Don’t Panic, but We’ve Passed Peak Apple. And Google. And Facebook.

Wade Roush, Chief Correspondent, Xconomy

Jill Lepore

Privacy in an Age of Publicity

Jill Lepore, Contributor, The New Yorker

Chris Dannen

Guys, Who Isn’t Excited for a Facebook RSS Reader?

Chris Dannen, Editor, Co.Labs at FastCompany

Rob Walker

15 Ways BuzzFeed Is Toying With Your Faith in Humanity

Rob Walker, News Columnist, Yahoo News

Nathaniel Mott

Fred Wilson on Twitter’s “Huge, Enormous” Mistake

Nathaniel Mott, Staff Writer, PandoDaily

About Voices

Along with original content and posts from across the Dow Jones network, this section of AllThingsD includes Must-Reads From Other Web Sites — pieces we’ve read, discussions we’ve followed, stuff we like. Six posts from external sites are included here each weekday, but we only run the headlines. We link to the original sites for the rest. These posts are explicitly labeled, so it’s clear that the content comes from other Web sites, and for clarity’s sake, all outside posts run against a pink background.

We also solicit original full-length posts and accept some unsolicited submissions.

Voices is edited by Beth Callaghan.

Next: Yahoo Also Eyeing Automated Video App Maker Qwiki in $50 Million Deal

Kara Swisher in Media

Yahoo Offer to Buy Contact Startup Xobni Is at a Price of $30M to $40M

Kara Swisher in News

On the Internet, the NSA Definitely Knows You’re a Dog (Comic)

Nitrozac and Snaggy in Voices

View all today’s news »

Help Wanted: Moonlighters for Mobile Apps

Katherine Boehret in The Digital Solution

Surface Pro: Hefty Tablet Is a Laptop Lightweight

Walt Mossberg in Personal Technology

NFC: What You Need to Know

Lauren Goode in Product Reviews

A Wristwatch Tells When Phone Calls, Emails Arrive

Walt Mossberg in Personal Technology

How Apple Gets All the Good Apps

Walt Mossberg in Personal Technology

View all reviews »

Partner Advertisement

VentureBeat