PayPal delivered an updated iPhone application for its popular online payment system within 24 hours after learning that some users connecting via an unsecured Wi-Fi connection could have been hoodwinked out of their account information.
As eSecurity Planet reports, the security flaw and subsequent fix underscore the inherent and mounting security risks that consumers, vendors and third-party providers face as smartphones become the device of choice for the connected masses.
This security hole was caused by PayPal’s iPhone app’s inability to verify the digital certificate created and verified by the company’s website. Without the electronic confirmation, a hacker could have logged into Wi-Fi hotspot in the general vicinity of a PayPal user and swiped usernames and passwords to their accounts.
Internet payment provider PayPal this week raced out a fix for a security vulnerability in its iPhone application that could have potentially tricked users logging in through an unsecured Wi-Fi connection into sharing their passwords and account information.
PayPal officials were not immediately available to comment on the security risk, but according to a Wall Street Journal report, the eBay (NASDAQ: EBAY) unit rushed out a secure version of the app to Apple’s (NASDAQ: AAPL) App Store for users to download.