Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Using banking apps on a phone is dangerous because if your phone gets hacked (and Linux kernel has extremely large attack surface), the attacker gets access to both the app's session and SMS codes that are used to confirm operations. People who use banking apps must be crazy or don't care about their money.


Excluding phones, Linux desktop, and Windows which doesn’t have a better record in vulnerabilities, leaves out essentially MacOS!


Using desktop and a phone as a second factor to confirm operations is relatively safe. At least compared to using only a phone.


Actually OTP hardware devices are a proper solution to this, but banks are mostly deprecating them, unfortunately.


and why do you think that is? *ponderingfaceemoji

banks and gov sites say it's because of security, but accept SMS. so we know what it's really about


I don't. Deliberately exposing people to risk for fun?


I think I do. It costs money and people in general don't appreciate it. Also while "malware on phone stealing money" is technically possible, it doesn't happen (much?), and most people get scammed in easier and more effective ways (see crypto) instead.

I still hate it, but can't do much about it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: