Comment by mike_hearn

3 days ago

Look at the last 30 years of computing history?

When online banking was first created it was an absolute chaos zone. Everyone was accessing it from desktop machines riddled with viruses and malware. There are endless stories of people discovering their life savings had been wired to Belarus by some malware running on their machine that had grabbed their banking credentials when they logged in.

https://www.google.com/search?q=site%3Akrebsonsecurity.com+b...

https://krebsonsecurity.com/2017/07/how-a-citadel-trojan-dev...

> U.S. prosecutors say Citadel infected more than 11 million computers worldwide, causing financial losses of at least a half billion dollars.

Half a billion dollars, by a single guy with a single virus!

Different parts of the world came up with different solutions for this. The US made all ACH payments reversible and international wires difficult, but that just meant the receiver paid for fraud instead of the person whose machine was full of viruses. This was an obviously bad set of incentives and a hacky panic-based fix. Banks elsewhere in the world settled on providing users with authenticator devices that looked like small calculators into which you could type transaction details after plugging in a smart card. Malware could still steal all your financial data but it couldn't initiate transactions.

Obviously, all this was a hack. What was needed was computers that were secure. Apple and the Android ecosystem eventually delivered this, and the calculator devices were retired in favour of smartphones with remote attestation. This was better in literally every way, for 100% of users. Firstly, it protects financial privacy and not just transaction initiation. Secondly, it's a lot more convenient to use a device that's always with you than a dedicated standalone single-use computer. Thirdly, adding remote attestation made no difference because that's what the calculator devices were doing anyway. Fourthly, even in the case of customers of small American banks that weren't capable enough to manage dedicated hardware rollouts, getting rid of fraud instead of pushing liability around allows for lower prices and fewer headaches.

So remote attestation is a non-negotiable requirement for digital banking of any form. When Microsoft didn't deliver, most banks preferred to literally manufacture and sell their customers single-use smartcards that remotely attested by you manually copying numbers back and forth between screens. Or they hid the cost of rampant fraud in the price of other services until such a time that Apple/Google saved them.
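As an added illustration of why the transaction-bound calculator devices described above stop malware from initiating or redirecting payments (this is example code, not any bank's protocol or the commenter's; the card secret, account strings and the 6-digit HMAC truncation are constructed for the demo):

```python
import hmac
import hashlib

# Constructed demo secret: stands in for the key that lives only on the smart card
# and at the bank. The PC, and any malware on it, never sees this value.
CARD_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def transaction_bytes(amount_cents: int, recipient: str, counter: int) -> bytes:
    """Canonical encoding of the details the user keys into the reader."""
    return f"{amount_cents}|{recipient}|{counter}".encode()


def device_tan(secret: bytes, amount_cents: int, recipient: str, counter: int) -> str:
    """Runs inside the reader: a 6-digit code bound to exactly these details."""
    mac = hmac.new(secret, transaction_bytes(amount_cents, recipient, counter),
                   hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Bank:
    """Bank side: knows the card secret and the last counter it accepted."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = 0

    def accept(self, amount_cents: int, recipient: str, counter: int, tan: str) -> bool:
        if counter <= self.last_counter:          # replay of an already-used TAN
            return False
        expected = device_tan(self.secret, amount_cents, recipient, counter)
        if not hmac.compare_digest(expected, tan):  # details do not match what was keyed in
            return False
        self.last_counter = counter
        return True


def demo() -> dict:
    bank = Bank(CARD_SECRET)
    # The user keys 50.00 to the intended account into the reader and gets a TAN.
    tan = device_tan(CARD_SECRET, 5000, "DE00LEGIT", 1)
    results = {}
    # Malware on the PC rewrites the destination but can only reuse the TAN it saw.
    results["tampered"] = bank.accept(5000, "BY00OTHER", 1, tan)
    # The untouched transaction verifies.
    results["genuine"] = bank.accept(5000, "DE00LEGIT", 1, tan)
    # Submitting the same TAN a second time is rejected by the counter check.
    results["replay"] = bank.accept(5000, "DE00LEGIT", 1, tan)
    return results


if __name__ == "__main__":
    print(demo())   # {'tampered': False, 'genuine': True, 'replay': False}
```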

> Secondly, it's a lot more convenient to use a device that's always with you than a dedicated standalone single-use computer.

The price the owner pays for this is that they're locked out of their own expensive general-purpose computing device while still having to bear all the inconveniences (babysit OS updates, configure stuff, keep it charged, have the battery fail, buy a new device every five years, etc.)

In the meantime, the standalone chip-and-TAN device costs 30 bucks, is powered by three AAA batteries that hold their charge for five years, lives for 20 years, and never needs a single software update.

I'd choose the small single-purpose device over the enshittified, locked-down smartphone every single time.

  • This reminds me of crypto wallets. I also dispute mike_hearn's:

    > Smartphone HW attestation is better in every way

    They're still prone to side-channel attacks like Spectre. Crypto wallets are practically immune because they're air-gapped.

    [edit] I just realised that's Mike Hearn of early BTC fame. I suppose he would know what a crypto wallet is.

    • Spectre doesn't work across process boundaries, so I don't think they are. You can't Spectre your way into a banking app on an iPhone. Or if you can I'd like to see it in action.


  • You could also open your front door with your smart phone. It would look high tech until your battery is empty.

    Sometimes I see people captured by the train station unable to check out. They usually find someone with a charger but technically the formula is to fine them for not having a ticket. Then one might still need to buy a ticket to continue the journey. (bring cash)

    Phones are usually empty when things [already] aren't going as planned.

    • Back in my iPhone days, I once got bitten by a bug where the app developer failed to raise that flag "dear OS, I'm in the middle of presenting a ticket for optical scanning, and it would be really amazing if you could just, you know, not disturb the screen with random shit for a couple seconds."

      Unfortunately for me though, the turnstile that I was about to pass to exit the train station had both an optical scanner and some NFC thing lumped into the same physical module, and every time I tried to scan my ticket, the phone would raise its NFC screen and hide the 2D matrix code.

      So yes, you can have a fully charged phone and a perfectly valid ticket with the latest software and still get stuck in a train station.

> ...the calculator devices were retired in favour of smartphones with remote attestation. This was better in literally every way, for 100% of users.

Not 100%. A robber can force people to activate facial recognition or fingerprint sensors. Forcing someone to type a PIN code is harder but doable. If one doesn't bring the authenticator & bank card they can't initiate transactions.

  • Banking apps don't normally force you to use biometrics. They let you use PINs too, at least mine does.