I often use PayPal because it offers an added level of security for online transactions; however as this news story shows, nothing is perfectly safe. Even PayPal, an eBay company, can be vulnerable to a security lapse leaving users unprotected.
When using the mobile PayPal app in unsecured networks and WiFi hotspots users were left vulnerable because the app failed to check the digital certificates--an electronic ID card--that confirms that a website is legitimate. In other words, this flaw allowed a hacker to develop a fake PayPal website and access accounts without the PayPal app users knowing anything had happened. This security flaw meant PayPal app users could be "tricked into thinking they were using the legitimate website when they weren't" according to CNET News. The android app and the PayPal website are not affected. Only the iPhone version of the app is affected by the flaw.
According to CNET News, PayPal spokesman Anuj Nayar says, "We don't believe any customers have been affected at all, and if there were any affected they would be 100 percent covered by PayPal."
PayPal spokeswoman Amanda Pires said the eBay Inc. unit verified the vulnerability Tuesday night and sent a new version of the app to Apple Inc.'s App Store that users will have to download. PayPal also said it would reimburse 100% of any fraudulent activity.
PayPal was alerted of the flaw on Tuesday when they were asked by WSJ.com to comment on the flaw that the mobile security firm viaForensics first reported. PayPal rushed to fix the flaw and within 24 hours made an app update available for download. The new 3.0.1 version of the app with the security update is free at the iTunes App Store.
Since banks and credit cards are considering offering mobile payment systems similar to PayPal in the near future, let's hope the PayPal security issue pushes them to develop secure systems.
(Photo: Miss Karen)
- Chris Olson
Freelance writer and illustrator
Momathon Blog: The 24/7 mommy marathon--on two feet or four wheels
More from entertainment