[HN Gopher] FBI warns hackers are targeting mobile banking apps
___________________________________________________________________

FBI warns hackers are targeting mobile banking apps

Author : elorant
Score  : 19 points
Date   : 2020-06-11 20:53 UTC (2 hours ago)

(HTM) web link (thehill.com)
(TXT) w3m dump (thehill.com)

| deepspace wrote:
| > In order to combat these threats, the FBI recommended that
| Americans only download banking apps from official app stores or
| from banking websites.
|
| I would like to know who these people are who would download
| their _banking_ apps from hax0rs.rus rather than, you know, the
| app store where they get all their other apps from.

| hcurtiss wrote:
| Agreed. Otherwise, modern mobile OSs are pretty tough to
| penetrate. iOS in particular.

| brundolf wrote:
| I pretty much exclusively use my iPhone for financial
| services specifically because it's so much less insecure than
| even the best desktop OS.

| thephyber wrote:
| It's been a lifesaver to reduce my IT time taken to clear
| family computers of malware since getting them iPads.

| Alupis wrote:
| More likely getting a spoofed email suggesting they download
| the Bank's latest-and-greatest app by clicking the link.

| thephyber wrote:
| As someone who works on developing cybersecurity products, it's
| incredibly unhelpful to disdain users by assuming the worst
| case as in
|
| > who would download their banking apps from hax0rs.rus
|
| Having empathy with users that don't act perfectly skeptical
| 100% of the time and who don't read all of the text (like none
| of us read 100% of the EULAs every time we click the "accept
| terms" button/checkbox) will allow us to build systems which
| are more robust to the occasional distracted user, overlooked
| typo, user who doesn't know how to mentally parse a URL to
| identify the domain, etc.
|
| Also, there are plenty of people on HN that advocate for
| breaking down all of the walled garden app stores, which
| necessarily means that users would have a higher cognitive load
| of researching which domains are more trusted app stores. It's
| ridiculously easy not to accidentally download an iOS app from
| a 3rd party app store, because they simply aren't possible
| without jailbreak / install developer cert.

| Alupis wrote:
| I used to be quite annoyed with 2FA (although I understood the
| value)... and was particularly annoyed when one of my banks made
| 2FA mandatory.
|
| Begrudgingly shlupping myself to the other room to locate my
| phone and get a texted code...
|
| But, after receiving 3 different password reset emails in a short
| period for different services, I decided to enable 2FA for
| everything that supports it. Where possible, choosing the Time
| Based 2FA instead of texting codes (just in case I lose my phone
| or something).
|
| With the right mindset (and paranoia), I'm coming around to
| viewing this inconvenience as necessary, and wish more services
| supported it.

| snazz wrote:
| The kind that Google and Microsoft (and maybe others) do is
| pretty great. You get a push notification on your phone and
| just tap "Yes", and you're in. Of course, you should still have
| a fallback like OTP for when your phone is not
| internet-connected, but it feels really seamless and is a very
| minor inconvenience.

| kevin_thibedeau wrote:
| This is why I'll never access banking data through an app or
| mobile browser. All it takes is the right zero day and millions
| of people are compromised. Coupled with the general crappiness of
| Zelle and you can kiss your money goodbye.
___________________________________________________________________
(page generated 2020-06-11 23:00 UTC)