The security of the Venmo mobile payment system has been constantly questioned by users and members of the cybersecurity community, especially after a BuzzFeed investigation tracked down the account of U.S. President Joe Biden in less than 10 minutes.
In the most recent report, it was discovered that this PayPal-owned payment system could improperly expose a user's contact list.
Venmo is widely used by U.S. residents to pay for Uber rides, food deliveries and all kinds of online transactions. The app also has a section for exchanging or investing in all kinds of cryptocurrencies for rates of up to 1 dollar.
BuzzFeed researchers recently published a report detailing how they found President Biden's information through Venmo and followed a trail that led them to people close to the president, including family, friends, and collaborators.
Researchers note that the problem exists because the contact list in Venmo (implemented to make transfers between users) has severe security flaws that have accompanied the app since its launch. Experts demonstrated that anyone can be found in this app. For example, it was discovered that President Biden recently sent money to his grandchildren through Venmo.
Moreover, in a recent report a hacker claiming to have worked for Venmo revealed how threat actors could access the mobile payment app by abusing a feature of Venmo itself. This vulnerability centers on Venmo's public funds system, which can be easily tracked since it is automatic, or a default setting, within the app.
Hackers can exploit this vulnerability to collect information or create elaborate schemes to develop phishing and social engineering campaigns by taking advantage of unsuspecting users.