If there haven’t been enough problems with security concerns in our life here is another one that may have an affect on a large number of people. The Wall Street Journal reported that a hacker could access your PayPal account if you connect over an open Wi-Fi network, but connecting over a cellular data connection does not put your account details in jeopardy.
Apparently the application doesn’t verify your security certificate, thus transmitting your data to PayPal in an extremely insecure manner and easily intercepted. Keep in mind that the potential hacker would have to be pretty fast acting in order to obtain your data unless you are in the application for extended periods of time and they just happen to stumble upon your transmissions. This security hole does not affect the Android application, nor transactions conducted directly on the site. A good rule of thumb is to disable your phone from connecting to networks that you have no control in the configuration process. This will be a hassle if you constantly connect to say a school Wi-Fi network, but in reality you have no idea how that network security has been configured.
PayPal immediately submitted and updated version of its application to Apple in the form of version 3.0.1 and is now available in the App Store. I highly suggest everyone update their application as small the likelihood may be for a hacker to get your information, no doubt better to be safe than sorry.
Do you use online transaction services such as banking and PayPal on a regular basis? How much of a concern are security flaws in applications to you?
