[funsec] How do I exploit thee ...
Rob, grandpa of Ryan, Trevor, Devon & Hannah
rmslade at shaw.ca
Fri Oct 8 15:47:03 CDT 2010
PayPal iPhone app makes cheque deposits
http://www.cbc.ca/technology/story/2010/10/08/con-cheque-app.html
Let me count the ways:
Are the images encrypted in transit?
Are they encrypted in storage on the iPhone?
(How are they protected at Paypal?)
Can the images be modified, in order to change cheque numbers, for instance, and
multiply transactions?
Is this only available with a non-jailbroken iPhone?
If they can be modified, they can be created for fake accounts ...
I'm sure that there are controls in place, particularly for these obvious ideas. Are
the controls sufficient? The idea of trusting an image captured by a user-owned
interface device just seems to be asking for trouble ...
====================== (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca slade at victoria.tc.ca rslade at computercrime.org
If you do buy a computer, don't turn it on. - Richards' 2nd Law
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
More information about the funsec
mailing list