How do I exploit thee ...

["Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>]

PayPal iPhone app makes cheque deposits 

http://www.cbc.ca/technology/story/2010/10/08/con-cheque-app.html

Let me count the ways:

Are the images encrypted in transit?

Are they encrypted in storage on the iPhone?

(How are they protected at Paypal?)

Can the images be modified, in order to change cheque numbers, for instance, and 
multiply transactions?

Is this only available with a non-jailbroken iPhone?

If they can be modified, they can be created for fake accounts ...

I'm sure that there are controls in place, particularly for these obvious ideas.  Are 
the controls sufficient?  The idea of trusting an image captured by a user-owned 
interface device just seems to be asking for trouble ...

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
  If you do buy a computer, don't turn it on. - Richards' 2nd Law
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.