Firm Finds Gaping Holes in Mobile Payments Applications

eBay’s PayPal online payment division is rushing a software patch to users of its iPhone mobile payments application to plug a hole that leaves users vulnerable to man-in-the-middle and phishing attacks, but the firm that found that hole said transaction security is just one problem facing the mobile payments application.

An audit by Chicago firm ViaForensics discovered serious security holes in the PayPal mobile payment application for Apple’s iPhone. Flaws that could allow attackers to set up a phony PayPal phishing site and snoop user credentials was the most critical, but the application also fell short in protecting user login and potentially sensitive application data, according to ViaForensics co-founder, Andrew Hoog.

PayPal did not immediately respond to a request for comment from Threatpost. In published reports, the company acknowledged the hole and said it had sent an update out Tuesday night. The company said it would reimburse customers for any fraudulent activity related to an attack on the iPhone application.

Read More