[funsec] How do I exploit thee ...
Rob, grandpa of Ryan, Trevor, Devon & Hannah
rmslade at shaw.ca
Fri Oct 8 15:47:03 CDT 2010
PayPal iPhone app makes cheque deposits
Let me count the ways:
Are the images encrypted in transit?
Are they encrypted in storage on the iPhone?
(How are they protected at Paypal?)
Can the images be modified, in order to change cheque numbers, for instance, and
Is this only available with a non-jailbroken iPhone?
If they can be modified, they can be created for fake accounts ...
I'm sure that there are controls in place, particularly for these obvious ideas. Are
the controls sufficient? The idea of trusting an image captured by a user-owned
interface device just seems to be asking for trouble ...
====================== (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca slade at victoria.tc.ca rslade at computercrime.org
If you do buy a computer, don't turn it on. - Richards' 2nd Law
More information about the funsec