Paypal for iPhone Wi-Fi exploit discovered, patched

It seems a security hole in Paypal's iPhone app has been discovered that would allow hackers to access user's Paypal username and passwords over Wi-Fi. The "man-in-the-middle attack" let's the hacker come between the user input information and Paypal's servers. Although this is dangerous, it does require the hacker to be on the same Wi-Fi connection as the user in order to steal their information.

Airports, train stations, coffee shops, and other public Wi-Fi locations are the most susceptible. Paypal has issued a statement assuring if anyone does fall victim to this exploit, Paypal will cover 100% of all fraudulent charges. Paypal spokeswoman Amanda Pires had this to say -

"To my knowledge it has not affected anybody," Ms. Pires said. "We've never had an issue with our app until now."

Isn't that how it typically works, though? You don't have problems, until you do. And this is a large one. I'd highly suggest updating ASAP, the update is available via the App Store now.


[via WSJ]

Allyson Kazmucha

Editor for iMore, Potter pundit, and the ninja in your iOS

More Posts



← Previously

Apple's dead pixel policy for iPhone, iPad

Next up →

Verizon iPhone probably not coming next week

There are 3 comments. Add yours.

Chris says:

Way to go PayPal way to test your apps. It's a good app. Use it often, but this is weak!

excaliburca says:

I'm impressed Paypal IDed and fixed it as quickly as it did.