[HN Gopher] FBI warns hackers are targeting mobile banking apps
       ___________________________________________________________________
        
       FBI warns hackers are targeting mobile banking apps
        
       Author : elorant
       Score  : 19 points
       Date   : 2020-06-11 20:53 UTC (2 hours ago)
        
 (HTM) web link (thehill.com)
 (TXT) w3m dump (thehill.com)
        
       | deepspace wrote:
       | > In order to combat these threats, the FBI recommended that
       | Americans only download banking apps from official app stores or
       | from banking websites.
       | 
       | I would like to know who these people are who would download
       | their _banking_ apps from hax0rs.rus rather than, you know, the
       | app store where they get all their other apps from.
        
         | hcurtiss wrote:
         | Agreed. Otherwise, modern mobile OSs are pretty tough to
         | penetrate. iOS in particular.
        
           | brundolf wrote:
           | I pretty much exclusively use my iPhone for financial
           | services specifically because it's so much less insecure than
           | even the best desktop OS.
        
             | thephyber wrote:
             | It's been a lifesaver to reduce my IT time taken to clear
             | family computers of malware since getting them iPads.
        
         | Alupis wrote:
         | More likely getting a spoofed email suggesting they download
         | the Bank's latest-and-greatest app by clicking the link.
        
         | thephyber wrote:
         | As someone who works on developing cybersecurity products, it's
         | incredibly unhelpful to disdain users by assuming the worst
         | case as in
         | 
         | > who would download their banking apps from hax0rs.rus
         | 
         | Having empathy with users that don't act perfectly skeptical
         | 100% of the time and who don't read all of the text (like none
         | of us read 100% of the EULAs every time we click the "accept
         | terms" button/checkbox) will allow us to build systems which
         | are more robust to the occasional distracted user, overlooked
         | typo, user who doesn't know how to mentally parse a URL to
         | identify the domain, etc.
         | 
         | Also, there are plenty of people on HN that advocate for
         | breaking down all of the walled garden app stores, which
         | necessarily means that users would have a higher cognitive load
         | of researching which domains are more trusted app stores. It's
         | ridiculously easy not to accidentally download an iOS app from
         | a 3rd party app store, because they simply aren't possible
         | without jailbreak / install developer cert.
        
       | Alupis wrote:
       | I used to be quite annoyed with 2FA (although I understood the
       | value)... and was particularly annoyed when one of my banks made
       | 2FA mandatory.
       | 
       | Begrudgingly shlupping myself to the other room to locate my
       | phone and get a texted code...
       | 
       | But, after receiving 3 different password reset emails in a short
       | period for different services, I decided to enable 2FA for
       | everything that supports it. Where possible, choosing the Time
       | Based 2FA instead of texting codes (just in case I lose my phone
       | or something).
       | 
       | With the right mindset (and paranoia), I'm coming around to
       | viewing this inconvenience as necessary, and wish more services
       | supported it.
        
         | snazz wrote:
         | The kind that Google and Microsoft (and maybe others) do is
         | pretty great. You get a push notification on your phone and
         | just tap "Yes", and you're in. Of course, you should still have
         | a fallback like OTP for when your phone is not internet-
         | connected, but it feels really seamless and is a very minor
         | inconvenience.
        
       | kevin_thibedeau wrote:
       | This is why I'll never access banking data through an app or
       | mobile browser. All it takes is the right zero day and millions
       | of people are compromised. Coupled with the general crappiness of
       | Zelle and you can kiss your money goodbye.
        
       ___________________________________________________________________
       (page generated 2020-06-11 23:00 UTC)