- Popular mobile wallets like PayTm, PayPal, Google Wallet, and Apple Wallet are prone to major security flaws.
- Bugs may lead to money transfer failures and incorrect balance displays, putting users' money at risk.
- Security researcher Eklavyaa Singh Tomar identified vulnerabilities in Mobikwik, PayTm, Myntra, and ShopClues, urging companies to address these issues for the safety of users' payments.
Eklavyaa Singh Tomar has found many bugs on the websites and apps of various mobile wallets. "There are lots of simple and easily vulnerable bugs on PayTm; any hacker can exploit them," said Eklavyaa.
So let's move on to the bugs and security flaws on various traditional Indian mobile wallet websites and apps.
Remember: All these bugs and security flaws were found by Eklavyaa; iTech Hacks won't take any responsibility for any future issues.
First of all, I would like to tell you, I am a security enthusiast. I don't do stuff for the sake of bounty and goodies; I do research and pentesting as it is my passion. This is not for any show-off, this is what I feel; your perspective may vary. - Eklavyaa
Digital Wallet Scam of 21st Century (Well known for Security Century)
We are writing this post to help people understand how secure the digital wallet services we use really are; we will explain the loopholes that Eklavyaa has encountered.
#1 Mobikwik
This is the worst company anyone would, could and should come across; I reported a severe misconfiguration which let any attacker download their private SSL key, enabling him to perform various possible attacks.
I returned them their SSL keys and configuration files, but they didn't patch their shit, so I enjoyed a lot, for the period of 7 months lol. Yes, you are right: system configuration files, all that in text format. And more to add to amazement, they couldn't even protect their administrator panel; I can't explain this thing in detail.
Screenshots are attached, and the SSL keys can be downloaded from the link below.
#2 PayTm
PayTm company was vulnerable to almost everything you could imagine. I reported numerous bugs on this giant eCommerce shit, ranging from authentication bypass to XSS to payment gateway security loopholes, and all they do is, yeah we are PCI secure, LOLZ.
All thanks to SBI, which recently announced that they ban all digital wallets, just because many people have been affected by phishing scams and security loopholes that companies have. Researchers don't report the flaws which they find interesting; we call them 0 (Zero Days), and we keep them for our use.
#3 Myntra
Nothing much to say about this cartoon dress provider: they had SQLi injection on their website, many of the security researchers already dumped their whole database, and amazingly Myntra is running digital wallets. And what not.
#4 ShopClues
What to say about ShopClues? Guys, at least hide your admin panel somewhere. It is fun playing with it.
Wrap Up: These are all serious issues found on the websites of various digital mobile wallets, and we are storing money in the thousands on wallets with such weak security. All we want from these companies is that they make their wallets secure so that anyone can store their payments safely. Also, iTech Hacks wants to say special thanks to Eklavyaa Singh Tomar for his excellent research.