Dark Reading: PayPal has temporarily disabled two-factor authentication for its mobile apps while it works on a patch for a newly discovered flaw that bypasses the security feature.
Independent researcher Dan Saltman in March reported to PayPal that he had discovered a way to bypass two-factor authentication in Apple iOS, but after getting no response from PayPal, Saltman in April went to friends at mobile security firm Duo Security to help him reproduce the security issue and assist him in reaching PayPal. Researchers there were able to confirm his finding, as well as discover the same problem in PayPal’s Android app, which they then reported to PayPal as well.