Gigachad 13 hours ago

Multiple devices is the answer. Otherwise you end up with people having their banking hacked because they installed a game mod.

Viliam1234 41 minutes ago | parent | next [-]

I am not an expert, but I think this could be improved if the smartphone operating systems had better security models.

For example, an application needs "access to your disk storage", because it needs e.g. to save photos. Okay, let's give it access to its own directory. Or maybe to a subdirectory of "my pictures". But it doesn't need access to the entire disk, right? Yet in Android, it is all or nothing.

Perhaps with a better system, we wouldn't have to ban installing game mods, only to make sure that those game mods do not have unreasonable access rights. Or maybe the banking operation could state "I can only be installed when no other app has access to my private data" or something like that.

Zak 12 hours ago | parent | prev [-]

This leads to a massive transfer of power from end users to corporations and governments. User-owned computers and the open web limit the ability of such institutions to place demands on users. Is that worth a slight reduction in the rate of bank fraud?

b_e_n_t_o_n 12 hours ago | parent | next [-]

Depends if you ask someone who gets defrauded of their life savings and work and is financially ruined, I suppose.

Zak 11 hours ago | parent [-]

Most of the time, it's the bank that's on the hook for fraud, which is why they're motivated not to trust that the user's device is sufficiently secure.

Gigachad 10 hours ago | parent [-]

There’s no world where the bank is on the hook for fraud while also not being allowed to prevent it.

Personally I’m ok with the bank being on the hook and their app checking there isn’t malware loaded on the OS. I have my raspberry pi and steam deck for full modding without intermingling it with extremely sensitive computing.

lan321 5 hours ago | parent | next [-]

Is this not a solved problem? I used to have a TAN generator for my bank as a separate device I paid like 5 euros for. If you get provided an authenticator and get forced to use it for transfers, essentially even if my device is compromised, it doesn't matter unless their device also gets compromised. They are then free to lock it as much as they want.

Gigachad 5 hours ago | parent [-]

If it’s just one of those 2FA code generators, that still won’t help if your phone has malware on it. The malware can just modify the transfer as you are making it and have typed in the code.

Users would also lose them far more than they lose their phones.

robinsonb5 4 hours ago | parent [-]

I have one of those 2FA code generators, and used to have a different one with a business account, too.

In both cases the authorisation challenge/response involves part of the destination account number, so if the details are tampered with by malware the code won't work.
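
The difference between the two kinds of code generator discussed in this subthread, shown as an added example that is not part of any commenter's post or any bank's actual scheme. The HMAC-SHA256 construction, the shared device key, the challenge and both account numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values: not a real key, challenge or account number.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CHALLENGE = "48213907"                     # shown by the bank for this transfer
INTENDED_DEST = "DE00123456780000567890"   # account the user means to pay
TAMPERED_DEST = "DE00876543210000999999"   # account swapped in on a compromised phone


def _truncate(mac: bytes, digits: int = 6) -> str:
    """HOTP-style dynamic truncation (RFC 4226) to a short decimal code."""
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def unbound_code(key: bytes, challenge: str) -> str:
    """Code that depends only on the challenge, not on the transfer details."""
    return _truncate(hmac.new(key, challenge.encode(), hashlib.sha256).digest())


def bound_code(key: bytes, challenge: str, dest_digits: str) -> str:
    """Code that also covers the destination digits keyed into the device."""
    msg = f"{challenge}|{dest_digits}".encode()
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())


def bank_verifies(key, challenge, dest_account, code, bound=True, n=6) -> bool:
    """Bank recomputes the code from the destination it actually received."""
    if bound:
        expected = bound_code(key, challenge, dest_account[-n:])
    else:
        expected = unbound_code(key, challenge)
    return hmac.compare_digest(expected, code)


if __name__ == "__main__":
    # The user keys the last 6 digits of the intended account into the device.
    code = bound_code(DEVICE_KEY, CHALLENGE, INTENDED_DEST[-6:])
    print("bound, untouched:", bank_verifies(DEVICE_KEY, CHALLENGE, INTENDED_DEST, code))
    print("bound, tampered: ", bank_verifies(DEVICE_KEY, CHALLENGE, TAMPERED_DEST, code))
    plain = unbound_code(DEVICE_KEY, CHALLENGE)
    print("unbound, tampered:", bank_verifies(DEVICE_KEY, CHALLENGE, TAMPERED_DEST, plain, bound=False))
```

The binding only protects the fields that go into the code, and only if the user reads the destination digits from a trusted source rather than from the compromised screen.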

10 hours ago | parent | prev | next [-]
[deleted]
beeflet 6 hours ago | parent | prev | next [-]

I'm not okay with owning a cuck device where the bank manages my OS. So we have a problem.

b_e_n_t_o_n 5 hours ago | parent [-]

We? Or you :P

antisol 5 hours ago | parent | prev [-]

lolwut

define "malware".

eecc 6 hours ago | parent | prev [-]

Careful, recently someone made a similar argument around gun-laws in the US, and it didn't go well for him...

/s