Home     |     Android     |     iPhone     |     Apple     |     Google

Friday, November 5, 2010

PayPal Mobile app leak

App of the online payment service PayPal has a big hole on both the iPhone and Android phones. It is not the only betalingsapp with a leak.

PayPal has already made an update to his app, and submitted to the respective app stores. Users who have new, safe version can download, sign up to the Wall Street Journal. To the extent that PayPal knows, the hole is not abused. It promises 100 percent reimbursement fraud.

Phishing
The leak is a basic error: the betalingsapp not verify the certificate from the PayPal server is valid. This enables users to be redirected to a spoof, to secure their login information for PayPal booty. "This is really a huge mistake by PayPal," said lead researcher Andrew High of viaForensics, the company that this leak has discovered.

The Wall Street Journal reports that it is possible for payments to listen and thus to intercept user names and passwords. According to PayPal can only under rare circumstances, through an unsecured WiFi network where an attacker, therefore it just must be connected. The possibility of phishing spoof sites through communication, however, undermines this lulling.

Password
Furthermore, abuse of this vulnerability, possible on the iPhone. Android Smartphones are not vulnerable. Yet PayPal has its app for mobile operating system that is also updated. It is unknown what the status of the PayPal app for Blackberry.

On the website is to find no mention of the new version and the need for updating. PayPal is praised as the security of its mobile apps with the message that "any payment is confirmed by a password.

The iPhone app PayPal according to the company about 4 million times since that app was released in April this year. The updated version (3.0.1) is already available in the iTunes App Store. The online payment service expects mobile payments this year totaling some 700 million U.S. dollars amounts.

More Apps leak
Meanwhile prove more apps for mobile payment to contain leaks. viaForensics has several apps reviewed and gaps in discovery. These mobile payment applications of the large U.S. banks: Bank of America, USAA, Chase, Wells Fargo, TD Ameritrade and Vanguard. Several of these institutes have been update for their apps.

viaForensics has informed the banks before it went public with his discoveries. "Since Monday (November 1, 2010), we communicate and work together with financial institutions to eliminate these errors," the company said in a blog post yesterday. "The discoveries that we have published, the impact of testing we on November 3 or so. " The company, the new versions of the apps are also screening.

iPhone table with 58 inch screen

The iPhone is using a cable connected to the Connect Table. In addition, the unit currently gejailbreaked to a specific app to run. In the movie shows the Table Connect team, however, hinted that in future no longer necessary. How the system will work in the future is unclear. The table has multi-touch features, so you can do whatever you normally do well on the iPhone. Think swipe, but also to zoom in and out through your fingers together or apart to move.

Connect the Table is unfortunately only for iPhone 3G and 4. This is according to the team with the processor of the original iPhone and iPhone 3G. This is simply too slow to well with the Table Connect to cooperate.

Cheer also not too early. It is possible that the Connect Table was a hoax. It fell Macworld reader Davasc that on the iPhone on the movie with the little finger when you turn off iPhone app is started. In addition, the website of Connect Table is very little information and is hosted by Blogger.


The demonstration of the prototype of the Connect Table