Which problems has PayPal specifically solved
Google Pay and PayPal: Security problem had been known since 2019
A serious security gap at PayPal is making headlines these days. It affects customers who use the virtual credit card that PayPal offers specifically for use with Google Pay. The perfidious thing about it: the security gap may have been known for around a year, but has apparently not been closed until now.
Google Pay and PayPal was a good combination for all those customers whose bank did not support Google Pay shortly after the launch of the smartphone-based contactless payment method. PayPal customers can still use the service by means of a virtual credit card that can be integrated into Google Pay.
For a few days now, the media have been reporting on unauthorized debits experienced by some users, all of which follow a similar pattern. In all currently known cases, these are debits from the USA which, according to forum users, are in most cases attributed to branches of a US retail chain called Target. The booking text may also consist of long strings of letters that make no sense. Mind you: apparently purchases were only made at Target, so the data could also have been sold to third parties via the darknet, and there is very likely no connection with Target employees. The sums that have been debited vary greatly - from small, single-digit amounts to four-digit amounts.
So this cannot only involve those phished payments below the 25 euro limit that are possible without authentication by the customer.
Customers who had properly configured their two-factor authentication were also affected. According to its own information, Google itself cannot see the initiated bookings and cannot reverse them either. PayPal, to which Google refers customers, does not pass them on to the responsible banks, but apparently cancels the affected bookings within 24 hours if things go well. In addition, both companies advise filing a complaint with the police, even if in such cross-border transactions this is more of a formality than a real help in clarifying the situation. PayPal can be contacted outside of social media by phone or email.
PayPal vulnerability: these are possible vulnerabilities
But the phenomenon has apparently been known to at least some experts - and allegedly to PayPal as well - for around a year. As Golem reports, the IT security expert Markus Fenske from Exablue already notified PayPal of security gaps last year. Two weaknesses make Google Pay particularly vulnerable in the PayPal variant described here. On the one hand, the virtual credit card is apparently not only activated for payment via NFC, but is also open for online payment transactions - unlike, according to Fenske, with other providers. On the other hand, PayPal apparently does not check the name or the CVC verification number during processing in this case. Exablue says it has demonstrated this with a test payment.
There are basically two options:
1. Version 1: The data could have been physically collected in Germany by attackers reading the credit card number and the expiration date with any NFC-enabled device when the smartphone is switched on and the screen is unlocked. To do this, however, the attacker must be in the immediate vicinity of the victim.
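The two weaknesses described above, expressed as issuer-side authorization checks. This is an added example in Python, not code from PayPal, Google or Exablue; the card model, field names and sample values are constructed, and the model is a deliberate simplification of real card processing.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VirtualCard:            # hypothetical issuer-side record
    pan: str
    expiry: str
    cvc: str
    holder: str
    channels: frozenset       # channels the issuer enabled for this card

@dataclass(frozen=True)
class AuthRequest:            # hypothetical authorization request
    pan: str
    expiry: str
    channel: str              # "nfc" (in-store tap) or "online"
    cvc: Optional[str] = None
    holder: Optional[str] = None

def authorize(card: VirtualCard, req: AuthRequest) -> tuple:
    """Return (approved, reason) for one request against one card."""
    if (req.pan, req.expiry) != (card.pan, card.expiry):
        return False, "unknown card"
    # Weakness 1 on the page: a card meant for NFC was also open online.
    if req.channel not in card.channels:
        return False, "channel not enabled"
    if req.channel == "online":
        # Weakness 2 on the page: CVC and name were not checked.
        # Number and expiry can be read over NFC, so they prove nothing here.
        if req.cvc is None or not hmac.compare_digest(req.cvc, card.cvc):
            return False, "cvc mismatch"
        if req.holder is None or req.holder.strip().lower() != card.holder.lower():
            return False, "name mismatch"
    return True, "approved"

# Constructed sample data (not real card details).
NFC_ONLY = VirtualCard("4000000000000002", "12/30", "123", "Erika Mustermann",
                       frozenset({"nfc"}))
ONLINE_TOO = VirtualCard("4000000000000002", "12/30", "123", "Erika Mustermann",
                         frozenset({"nfc", "online"}))
TAP = AuthRequest("4000000000000002", "12/30", "nfc")
# What a nearby NFC reader could have captured: number and expiry only.
SKIMMED = AuthRequest("4000000000000002", "12/30", "online")
FULL = AuthRequest("4000000000000002", "12/30", "online", "123", "erika mustermann")

if __name__ == "__main__":
    for card in (NFC_ONLY, ONLINE_TOO):
        for req in (TAP, SKIMMED, FULL):
            print(sorted(card.channels), req.channel, authorize(card, req))
```

Either control alone stops the request built from number and expiry only: the NFC-only card rejects it on channel, and the online-enabled card rejects it on the missing CVC.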
PayPal loophole could still be used until recently
It is also noteworthy that, according to Exablue, the vulnerability was reported to PayPal through PayPal's own bug bounty program in February of last year. Exablue explains that PayPal initially denied the security gap and only paid Exablue a $4,400 reward after it was demonstrated in a video. Also noteworthy: apparently the security hole still worked in this form until this week, even after the first cases had become known.
"We reported this problem to PayPal via HackerOne in February 2019. After an initial rejection and several discussions, PayPal paid a $4,400 error premium. We tried to keep in touch with PayPal until they resolved the problem, but PayPal largely ignored our requests. They told us in April 2019 to wait for more updates. That was their last message."
Markus Fenske, Managing Director Exablue
We asked PayPal and wanted to know why the security gap existed in the first place and, above all, why it was not closed as soon as it was discovered. That has apparently only happened now, as the company also admits (and, according to Heise, still not really successfully). The company does not want to explain why it took so long, and its statement is brief and not very illuminating. Of course, nobody wants to be quoted personally. A short statement says:
"We immediately set about fixing this problem. A very small number of PayPal customers who use Google Pay were affected. The problem has now been resolved. No personal or financial information was stolen from PayPal customers. Third parties also never had access to PayPal accounts."
Written statement from PayPal
Even the statement "we immediately took care of the problem solving" is remarkable when you consider that the payments mentioned were apparently charged to the accounts of PayPal customers only recently (albeit via the virtual debit card). Only the statement "in the areas of fraud prevention and risk management PayPal relies on modern technologies to protect its customers and enable secure payments" can be endorsed: the security gap, if it existed in the form described by Exablue, has little to do with the most modern and most sophisticated deception strategies. It is a matter of basic IT security knowledge, the disregard of which one would not have expected from a global corporation with sales of this magnitude.