Not long after PayPal app being released to App Store, it was discovered that the app exhibits certain security flaw that allows hacker to intercept and steal end users’ authentication ID and password. Good news now, the famous online transaction provider has acknowledged the issue and quickly rectify it with a latest release version being pushed to App Store recently.
The root cause was identified to be due to the app inability to verify the digital certificate, which acts as an electronics ID card to validate if a website is legitimate. And with such security flaw, a hacker could easily setup a fake Paypal-like website that would collect username and password from users for illegal access later. However, in order to achieve that, they must be located at the same physical WiFi hotspots with the potential victims that are performing an online PayPal transaction under unsecured WiFi network.
PayPal promises to bear any risk and reimburse 100% of any cost incurred due to fraudulent activities. Fortunately, the famous internet online payment provider claims that its PayPal app has been downloaded more than four million times since it was released back in April but yet there wasn’t any incident related to this flaw yet.
The Paypal Mobile app has since been further updated to version 3.3 and beyond.