While updating my iPhone apps earlier today, I noticed an update for the PayPal iPhone app – version 3.0.1. When I read the changelog or update details, it mentioned that the version included an important security update. It didn’t specify what type of security update so I decided to do a little research. Found out from CNET that the update was a patch for a security hole in the iPhone app.
The now patched security flaw could have allowed malicious users to do a “man-in-the-middle” attack, tricking users into thinking that they’re accessing the real PayPal site when actually they aren’t and intercept transaction data sent between the iPhone and a Wi-Fi hotspot. This can happen when PayPal users access their account using an unsecured Wi-Fi network.
Aside from patching the security flaw on the iPhone app, PayPal has also announced that it will provide a 100% reimbursement for any fraudulent activity caused by the flaw.
If you have the PayPal app on your iPhone, make sure that you immediately upgrade to the latest version. If you haven’t, do not access your account until you’ve installed the update. And just to be sure, avoid or never access your PayPal or bank account on your mobile device over an unsecured Wi-Fi network.
The latest version of the Paypal iPhone app is now available in the App Store.
[via CNET News]
@Sourish – I think its safe as long as the iOS device is not jailbroken. If it wasn’t safe, someone would’ve had their bank accounts hacked or compromised already. As long as the user connects via 3G or a secure WiFi network.
i will never log into something as vital as a paypal account from an iphone or ipod touch .. i dont think mobile devices are so secure as pc web browser ,