this post was submitted on 11 Jan 2024

63 points (88.9% liked)

Cybersecurity - Memes

1893 readers

1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

Sam1232188@lemmy.world

neurohost@lemmy.world

Alphadef@programming.dev

CannaVet@lemmy.world

Indian ICICI bank app reverse security (lemmy.world)

submitted 8 months ago by Jozav@lemmy.world to c/cybersecuritymemes@lemmy.world

22 comments fedilink hide all child comments

top 22 comments

sorted by: hot top controversial new old

[–] LemmyIsFantastic@lemmy.world 16 points 8 months ago* (last edited 8 months ago)

VPN doesn't improve security. Your shit was already encrypted over https. It's privacy.

[–] theshredder744@lemmy.world 14 points 8 months ago (1 children)

I hate this fucking app, and I hate their website even more. I wasn't allowed to us hyphens in my password.

More than anything I hate that banks make me I replace my 20-character password with a 4-digit pin for the mobile app.

I would go out of my way to make an account with a bank that takes security more seriously. Sigh.

[–] Pringles@lemm.ee 6 points 8 months ago (2 children)

Would you be allowed to set password'); DROP TABLE ClienId;-- ?

[–] surewhynotlem@lemmy.world 8 points 8 months ago

You should be allowed to. Any bank that doesn't sanitize their inputs is just waiting to be hacked.

[–] theshredder744@lemmy.world 4 points 8 months ago

If I remember correctly semicolons couldn't be used either. Maybe someone already tried this? Lmao

[–] Mandy@sh.itjust.works 11 points 8 months ago

My own banking app stopped working after an update too. My crime? Using a fairphone.

[–] pineapplelover@lemm.ee 7 points 8 months ago (3 children)

Huh? I don't understand this post

[–] sus@programming.dev 19 points 8 months ago* (last edited 8 months ago)

the idea is that a vpn makes you more secure (which is not true outside some very exceptional circumstances)

[–] cron@feddit.de 7 points 8 months ago

IMO this is one example of the countless stupid rules banks force on its customers in the name of security.

No VPN
Smartphone app only protectable with a four digit pin
Access from rooted phones not permitted (but windows PC is ok)
Maximum password length enforced

There are many more, feel free to add some mire stupid ideas.

[–] LodeMike 3 points 8 months ago (1 children)

Bank doesn’t allow use if connection is originating from VPN. It’s really stupid because passwords exist.

[–] pineapplelover@lemm.ee 3 points 8 months ago (1 children)

Oh yeah. Like I have my physical 2fa security key, verified 2fa phone number, and can verify from my email, but if I log onto vpn with all this information I am a bot user. Hate it. Fortunately, either my bank doesn't flag it or protonvpn is getting past it. But, I know plenty of websites and services like Geometry Dash flag my vpn.

[–] LodeMike 3 points 8 months ago (1 children)

I haven’t run into it at all. If my bank does this I’m moving elsewhere. I’m not going to to business with a bank that is that stupid.

[–] pineapplelover@lemm.ee 2 points 8 months ago* (last edited 8 months ago)

Some banks out there don't even take physical hardware tokens so I'm happy my bank takes it.

Edit: Here is a website somebody made that shows which banks even have 2fa and what methods they support.

[–] wahming@monyet.cc -5 points 8 months ago* (last edited 8 months ago) (1 children)

There's no reason a VPN would increase your security, and many reasons why the bank would discourage the use of VPNs to access their systems

[–] null@slrpnk.net 10 points 8 months ago (1 children)

There's no reason a VPN would increase your security

So there's no benefit to using one to tunnel to your home network while on a public network at a cafe?

[+] wahming@monyet.cc -8 points 8 months ago (1 children)

It would be nice if we were taking comments in context. In this case, WE'RE TALKING ABOUT A BANKING APP.

[–] null@slrpnk.net 9 points 8 months ago (1 children)

Which you presumably use while connected to the Internet, right?

[–] wahming@monyet.cc -4 points 8 months ago* (last edited 8 months ago) (2 children)

Why are you tunnelling to your home network to use a banking app?

Your banking app, if it was decently written by a sane programmer, should be entirely immune to any MitM attacks that a VPN would allay. Thus you would not be receiving any major benefit from using a VPN with your banking app. On the other hand, there is significant security value in the bank being able to see the actual IP of connecting clients.

[–] null@slrpnk.net 8 points 8 months ago* (last edited 8 months ago) (1 children)

I'm not tunnelling to my home network in order to use the banking app. I'm tunnelling to my home network as part of my general way of accessing the internet. My banking app isn't the only thing running on my phone while I use it.

I don't want to have to turn it off just to use the banking app.

if it was decently written by a sane programmer

Better hope it is then, I guess.

On the other hand, there is significant security value in the bank being able to see the actual IP of connecting clients.

Can you expand on that?

[–] wahming@monyet.cc -3 points 8 months ago* (last edited 8 months ago) (1 children)

On the other hand, there is significant security value in the bank being able to see the actual IP of connecting clients.

Can you expand on that?

Security analysis. If you used your card in country A 5 minutes ago, logging in from country B across the world should realise a red flag. That's a very basic example, but advanced versions can be extremely accurate.

[–] null@slrpnk.net 4 points 8 months ago

Fair, but sounds like that can be mitigated with 2FA

[–] Jozav@lemmy.world 2 points 8 months ago

Considering the bugs in this app, and considering that this is an Indian bank, I highly doubt it was 'written by a sane programmer'.