Paypal, the online payments website which is, quite frankly, the worst false bank ripoff you’ll find for a while, has released an iphone app that doesn’t bother to check what’s going on with your cash – meaning hackers could easily empty your account, were you foolish enough to let these con artists within a mile of your money. Here’s the scoop:
Paypal is scrambling to fix a serious vulnerability in its Iphone application that could allow users to be duped into sending data to a third party.
Paypal’s IOS application fails to check the digital certificate of the server that it connects to, bringing up the possibility for users to fall into the trap of sending their account details to phishing websites. Digital certificate verification is a widely used technique as an integrity check to ensure that users are not sending data to unauthorised websites. The fact that it’s not being carried out by Paypal is a damning indictment of Paypal’s attitude to its users’ security.
The online money transfers outfit that is forced down the throat of all Ebay users has released applications for both Apple’s IOS and the Android OS, although it says that the vulnerability only affects its IOS application. It has also led to the Ebay subsidiary going into damage control mode, with a spokeswoman for the firm telling the Wall Street Journal, “To my knowledge it has not affected anybody,” and that, “We’ve never had an issue with our app until now.”
We don’t think users will be lining up to gain the distinction of being the first person to be affected by Paypal’s negligent software coding. However those who might end up falling victim to this disastrous lapse of software design can rest easy, since the firm has said it will reimburse anyone affected by fraudulent activity. That is of course if they make it through Paypal’s dispute system.
Paypal likes to promote the image of being a bank, although in reality it isn’t. Having such a gaping security hole in one of its key pieces of software shows just how seriously the firm takes its obligations to its customers, even though it likes to promote the popularity of its services.
The fix that it eventually comes up with shouldn’t be particularly hard to implement, as this is far from a novel problem, but that only makes Paypal’s gross oversight all the more alarming