This past week, the word “leak” has gained a somewhat different meaning than it had a few weeks back when Snowden had the most hits in search engines and social media.
But it’s with good timing, since I planned to write a bit about mobile security.
MOBILE HOME BANKING
If you own a bank account, chances are you receive mails promoting doing multiple operations through Home Banking.
Along with those emails, I’ve even got promotions where if I downloaded the Home Banking mobile app, I would be eligible to win an iPad or things like that.
Lets go back to Januray 8, this year, when the security researcher Ariel Sanchez wondered how bad is the mobile Home Banking security. Check out what he found in here, tldr: it’s bad.
I bet a lot of the banks behind that study have improved their security a lot, but am I suppose to trust them after somebody found all those security issues? No.
HTTPS BY DEFAULT, CERTIFICATE PINNING, AND OTHER MAGIC
It’s 2014, Google is even ranking sites that offer HTTPS by default higher than those who don’t, but there are banks that do not have HTTPS by default.
Try it out for yourself, open a new tab in the browser, type http:// (notice the lack of s in there) and then your bank URL. Does it get you to https:// automatically? My bank doesn’t.
So why am I supposed to trust the mobile version of it to have good security practices?
This is actually another anonymity subtlety: tell me if you explicitly write https:// with every URL and I’ll tell you how secure your browsing is.
ON PRIVACY BREACHES
This might come out as a random rant out of nowhere, but the point is to not let us forget about this other kind of security and privacy things going on.
I think it’s sad that we need to have the internet sharing a bunch of nude pictures from famous people to get all outraged by the state of security in our devices.
As Christopher Soghoian said just a bit ago:
UK SPY AGENCY GCHQ HAS A DATABASE FILLED WITH INTIMATE YAHOO WEBCAM PICS. SAVE SOME OUTRAGE FOR THEM TOO, PLEASE.
Let’s think every security and privacy problem as one that has just happened to somebody we like to see in the movies. I bet a lot of things will get fixed sooner.
Tomás Touceda is the Privacy & Security Officer at SpiderOak. He has been working in the privacy and anonymity field for more than five years and holds a Licenciatura degree in Computer Science. He started as a Core Developer for the Tor Project, then as a Lead Client Developer for LEAP. Follow him on Twitter and read more on privacy issues at his personal blog.