Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > iPhone, iPod and iPad > iPad

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 12, 2011, 01:09 PM   #1
Denis54
macrumors member
 
Join Date: Mar 2011
Is it safe to use an IPAD for internet banking?

I am a new iPad user.

My PC has an antivirus and a firewall. Is my IPAD as safe as my PC since it does not seem to be protected by any software.
Denis54 is offline   0 Reply With Quote
Old Jul 12, 2011, 01:14 PM   #2
applefan289
macrumors 68000
 
Join Date: Aug 2010
Location: USA
Quote:
Originally Posted by Denis54 View Post
I am a new iPad user.

My PC has an antivirus and a firewall. Is my IPAD as safe as my PC since it does not seem to be protected by any software.
I would say the iPad is as safe as a Mac because they are both built off of the same core. Think of the iPad as "Mac OS X embedded" software. I don't have antivirus on the Mac, and I'm fine with it.

I know this sounds ironic, but I am more comfortable (security-wise) on a Mac with no antivirus than on a Windows computer with antivirus.

With Windows, I just have a hunch that there's a million little gnomes in there trying to mess with me. I just read a report that since the computers are made in China, there's some corrupt stuff going on where the people there stick phishing stuff in Windows before it gets overseas.

I feel more secure with a Mac.

But anyway, back to your question, I would say an iPad is fine for internet banking.
applefan289 is offline   1 Reply With Quote
Old Jul 12, 2011, 01:25 PM   #3
Aspasia
macrumors 6502a
 
Join Date: Jun 2011
Location: Halfway between the Equator and North Pole
Quote:
Originally Posted by Denis54 View Post
I am a new iPad user.

My PC has an antivirus and a firewall. Is my IPAD as safe as my PC since it does not seem to be protected by any software.
On a secure network you should be okay. But forget about it at your local fast food or coffee joint, or any other public WiFi site.

Might be wise to clear your cache, cookies, and history after each banking session. I do, just to keep my paranoia in check.
Aspasia is offline   0 Reply With Quote
Old Jul 12, 2011, 01:28 PM   #4
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by Aspasia View Post
On a secure network you should be okay. But forget about it at your local fast food or coffee joint, or any other public WiFi site.
As long as the banking site is using a secure session (https://....), I don't see why using a public wifi would be an issue. The data including login and password is all encrypted before it is sent to the bank.
Weaselboy is offline   4 Reply With Quote
Old Jul 12, 2011, 01:29 PM   #5
Disgrace
macrumors member
 
Join Date: Dec 2010
Different hardware makes no difference.

This depends on the security of your internet connection and bank website.
Disgrace is offline   2 Reply With Quote
Old Jul 12, 2011, 01:35 PM   #6
doboy
macrumors 65816
 
Join Date: Jul 2007
Quote:
Originally Posted by Denis54 View Post
I am a new iPad user.

My PC has an antivirus and a firewall. Is my IPAD as safe as my PC since it does not seem to be protected by any software.
I would use an app for your bank (if available) as an added security. However, there was an issue with security of the Citi app while back so app is no means bulletproof, but you would assume that the banks making their own app would do some due diligence on security.
__________________
iPhone 2G, 3GS, 4 | 15" MB Pro & 13" MBA | Apple TV2 | iPad 1, 2, 3, Air (kept), & rMini (returned) | GSIII, Note II, & LG G2

Thank you Steve for
doboy is offline   1 Reply With Quote
Old Jul 12, 2011, 01:37 PM   #7
darngooddesign
macrumors G3
 
Join Date: Jul 2007
Location: Atlanta, GA
Quote:
Originally Posted by Weaselboy View Post
As long as the banking site is using a secure session (https://....), I don't see why using a public wifi would be an issue. The data including login and password is all encrypted before it is sent to the bank.
Firesheep, IRC, intercepted your credentials as they were being sent to the router, before https had anything to do with it.
__________________
64 giggity... giggity... gigg-i-ty
Lego Apple Store
darngooddesign is offline   -1 Reply With Quote
Old Jul 12, 2011, 01:42 PM   #8
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by darngooddesign View Post
Firesheep, IRC, intercepted your credentials as they were being sent to the router, before https had anything to do with it.
As I understand it, Firesheep works only by intercepting a ID cookie from the web site (bank in this case) and would only work if the bank encrypted the login only and not the subsequent traffic. Every bank I have used online encrypts the entire session and Firesheep would not work.
Weaselboy is offline   1 Reply With Quote
Old Jul 12, 2011, 01:45 PM   #9
mpaquette
macrumors regular
 
Join Date: Jul 2010
Location: Columbia, SC
I believe using iPad to do online banking is as safe as using a PC/Mac. As others have said, I wouldn't do any kind of financial stuff over free public WiFi. I'm sure it's fine 99% of the time, but there's always the greater potential that someone is able to see your network activity.

Last edited by angelwatt; Jul 12, 2011 at 05:58 PM. Reason: removed quote
mpaquette is offline   1 Reply With Quote
Old Jul 12, 2011, 02:09 PM   #10
GreatDrok
macrumors 6502
 
Join Date: May 2006
Location: New Zealand
I use my iPad for banking just fine. I don't do that on my Windows 7 PC after discovering a keylogger had got onto the machine and I tracked the source download that had the trojan and it had merrily sailed past MS Security Essentials and run on my machine for a week before an update to the sginatures flagged it.

Anti-virus is never secure because it is reactive. My PC gets used for games and light web browsing. Anything else is done on my iPad.
__________________
Retina MacBook Pro 13" i5 16GB 500GB SSD, Mac mini C2D + 20" ACD 8GB 960GB SSD, iPad mini 64G WiFi+cellular, ATV2, ATV3, iPhone 4 16GB
GreatDrok is offline   0 Reply With Quote
Old Jul 12, 2011, 02:16 PM   #11
ajohnson253
macrumors 68000
 
ajohnson253's Avatar
 
Join Date: Jun 2008
I do, I have no problems. Never have.
__________________
Apple & Snapple for Lunch.
iPhone 4S, 13" 1.8GHZ 256GB i7 MBA
ajohnson253 is offline   0 Reply With Quote
Old Jul 12, 2011, 04:08 PM   #12
Syk
macrumors 6502a
 
Join Date: Jun 2010
Using an app would probably be safer than using a PC if you're that concerned about it.

That being said I personally don't use public wifi(hotels,etc) for anything other than surfing news site and the such. When I plan on doing anything that requires my password or I know I'll be doing both. I use MyWi and tether to my phone. I think it's a little more secure.
Syk is offline   1 Reply With Quote
Old Jul 12, 2011, 04:15 PM   #13
Digidesign
macrumors 6502
 
Join Date: Jan 2002
I'm a little weary of doing internet banking on a jailbroken device, whether it's an iPhone or iPad. Not that the jailbreak itself compromises the security, but I don't completely trust the apps added through external sources in Cydia (the sketchy sources, you guys know what I mean).
Digidesign is offline   1 Reply With Quote
Old Jul 12, 2011, 04:24 PM   #14
Syk
macrumors 6502a
 
Join Date: Jun 2010
Nothing wrong with that. Too be honest after iOS 5 comes out I may not jailbreak my device.
Syk is offline   0 Reply With Quote
Old Jul 13, 2011, 02:13 PM   #15
Benbikeman
macrumors 6502a
 
Join Date: May 2011
Location: London, England
Quote:
Originally Posted by applefan289 View Post
I just read a report that since the computers are made in China, there's some corrupt stuff going on where the people there stick phishing stuff in Windows before it gets overseas.
And I just read a report that aliens from the planet Zaarg are reading our thoughts ...

You do realise that iPads are made in China, right?
__________________
London wedding photographer | London portrait photographer | MBP 17 i7 2.4GHz 16Gb 2Tb | iPad 2 3G 64Gb
Benbikeman is offline   0 Reply With Quote
Old Jul 13, 2011, 03:23 PM   #16
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by Aspasia View Post
On a secure network you should be okay. But forget about it at your local fast food or coffee joint, or any other public WiFi site.

Might be wise to clear your cache, cookies, and history after each banking session. I do, just to keep my paranoia in check.
This is good advice.

To properly clear your cache, cookies, and history from mobile safari, you must also fully reset Safari.

Two methods to do so are as follows:

Quote:
Force Quitting To force an application to quit, Apple recommends that you bring the app you want to quit to the foreground. Then press and hold the sleep/wake button for several seconds, until the Slide to Power Off control appears. Release the sleep/wake button and hold down the Home button for another 7-10 seconds. Your screen will flash briefly and you will return to the main iOS 4 Springboard home page with its icons. This method works for all operating systems from iPhone OS 3 forward, and is the preferred method listed in the iOS 4 documentation.

Removing the Application from the Recents List There's actually a much simpler approach for quitting apps, and that's to use your recent app list. Double-click the home button to display the recently accessed applications. Press and hold any of the icons shown, then navigate to the application you want to quit and tap the red circled minus button. This sends a signal to the application in question that allows it to quit. The application will be re-added to the recents list the next time you launch it.
Quote:
Originally Posted by Weaselboy View Post
As long as the banking site is using a secure session (https://....), I don't see why using a public wifi would be an issue. The data including login and password is all encrypted before it is sent to the bank.
On an iPad there is no way to manually view and verify the digital certificate as far as I know. This leaves the connection liable to sophisticated man-in-the-middle attacks where the encryption is stripped and the connection is redirected to a spoofed website.

The following information from my "Mac Security Suggestions" link is important in relation to online banking.

Quote:
- Check the digital certificate of websites, such as banks and paypal, by clicking the lock icon to see if the certificate belongs to the right organization. This prevents login credentials from being stolen via sophisticated MITM attacks. ARP poisoning/MITM attacks can be detected using a utility such as Mocha.
- Always manually navigate to the logins of encrypted security sensitive websites and never login to these websites from links in emails, email attachments, instant messages, & etc even if the certificate appears to be legitimate. This prevents login credentials from being stolen via advanced phishing techniques that use cross-site scripting.
- Enable Mac OS X to use the CRL and OCSP to provide protection from invalidated digital certificates. The settings to enable system-wide use of the CRL and OCSP are accessible via Keychain Access. On the "Certificates" pane in the Preferences of Keychain Access, set the following:

Online Certificate Status Protocol (OCSP): Best Attempt
Certificate Revocation List (CRL): Best Attempt
Priority: OCSP
Some users notice issues when CRL is set to "Best Attempt." This does not have to be set as it is only a backup for OCSP.

Much of these tips can't be done on a iPad. But, much of these risks are mitigated via only online banking on a secured wireless network with no unknown users.
__________________
Mac Security Suggestions

Last edited by munkery; Jul 13, 2011 at 03:36 PM.
munkery is offline   0 Reply With Quote
Old Jul 13, 2011, 03:32 PM   #17
Syk
macrumors 6502a
 
Join Date: Jun 2010
Quote:
Originally Posted by munkery View Post
This is good advice.



On an iPad there is not way to manually view and verify the digital certificate as far as I know. This leaves the connection liable to sophisticated man-in-the-middle attacks where the encryption is stripped and the connection is redirected to a spoofed website.

The following information from my "Mac Security Suggestions" link is important in relation to online banking.



Some users notice issues when CRL is set to "Best Attempt." This does not have to be set as it is only a backup for OCSP.

Much of these tips can't be done on a iPad. But, much of these risks are mitigated via only online banking on a secured wireless network with no unknown users.
This is pretty much why I create my own hotspot like I posted above. I've seen my cousin do a MIM at a hotel just playing around. He's no techie either but he does know how to download the tools and watch a few videos online that show how it's done
Syk is offline   0 Reply With Quote
Old Jul 13, 2011, 03:44 PM   #18
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by Syk View Post
This is pretty much why I create my own hotspot like I posted above. I've seen my cousin do a MIM at a hotel just playing around. He's no techie either but he does know how to download the tools and watch a few videos online that show how it's done
If you are using a laptop to online bank on a public network, you are safe if you follow those tips I provided in my post.

Your method also does promote security as well.

Mitm attacks are possible on cellular networks but require special equipment to do so. I would recommend still following those tips I provided even if you are using a cellular network to access the internet.

As for iPhones and iPads that have 3G internet, I would not do any online banking over the cellular network just as a precaution. Though, I have not heard of mitm on cellular networks being done outside of research settings.

EDIT: To ease your worries about the security of your iPad, I thought you might appreciate this link.

http://www.infoworld.com/d/mobile-te...s-period-792-0
__________________
Mac Security Suggestions

Last edited by munkery; Jul 13, 2011 at 05:17 PM.
munkery is offline   0 Reply With Quote
Old Jul 13, 2011, 07:07 PM   #19
Wick12
macrumors newbie
 
Join Date: Jul 2011
iOS is very secure and is not being threatened by viruses like other os's it is more secure do to Apples locked down OS. I would never do online banking if I was jail broken though.
Wick12 is offline   0 Reply With Quote
Old Jul 13, 2011, 07:22 PM   #20
chris8535
macrumors member
 
Join Date: May 2010
I work for one of the largest banks in the US and with online banking for corps(aka very high security). The iPad, in practice, is by far the safest way to bank. You are not vulnerable to the most common attacks (worms, trojans, keyloggers) and the only concievable way to capture your credientials would be a very complex and highly targeted man-in-the-middle attack which might takes weeks to decrypt. (lets face it, you or your account are not important enough to justify that kind of attack)

As long as it uses https, feel free to bank anywhere, cellular or wifi. The encryption tunnel will be secure.

edit: this all goes out the window if you jailbreak.
chris8535 is offline   0 Reply With Quote
Old Jul 13, 2011, 07:50 PM   #21
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by chris8535 View Post
the only concievable way to capture your credientials would be a very complex and highly targeted man-in-the-middle attack which might takes weeks to decrypt.

As long as it uses https, feel free to bank anywhere, cellular or wifi. The encryption tunnel will be secure.
This is incorrect.

If the attacker has spoofed the bank's website and the user is unable to verify the digital certificate, the connection made will appear encrypted eventhough it is not. Then, the attacker mimics an error on the page after the user attempts to login and exposes their login credentials. No need to decrypt the data.

The work would be spoofing the websites. Once that is done, then just camp out a public wifi network to collect login credentials. On a large public network, login credentials could be collected in profitable volumes over not that long of a duration.
__________________
Mac Security Suggestions
munkery is offline   0 Reply With Quote
Old Jul 14, 2011, 06:02 AM   #22
fhall1
macrumors 68020
 
fhall1's Avatar
 
Join Date: Dec 2007
Location: NY State of mind
Quote:
Originally Posted by munkery View Post
This is incorrect.

If the attacker has spoofed the bank's website and the user is unable to verify the digital certificate, the connection made will appear encrypted eventhough it is not. Then, the attacker mimics an error on the page after the user attempts to login and exposes their login credentials. No need to decrypt the data.

The work would be spoofing the websites. Once that is done, then just camp out a public wifi network to collect login credentials. On a large public network, login credentials could be collected in profitable volumes over not that long of a duration.
Yes, but once you spoof the bank's website, there's nothing saying the iPad is insecure or less secure than anything else....you can be on a bulletproof connection and a super locked down machine, but if the website is hacked nothing you do to increase your security posture (except not doing any online banking) will matter.
__________________
2012 2.3GHz i7 Mini, 16GB RAM; 2009 2.93 GHz C2D iMac, 8GB RAM, GT120 GPU
1.83 GHz CD Mini, 2GB RAM, 200GB HD; 1.25 GHz 17" G4 iMac, 2GB RAM, 128GB SSD
64GB Silver iPhone 5s, 64GB White iPad Air
fhall1 is offline   0 Reply With Quote
Old Jul 14, 2011, 07:37 AM   #23
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by fhall1 View Post
Yes, but...
Read my posts, I never said iOS was insecure. In fact, I provided a link stating the exact opposite. All I am saying is that iOS users have a more difficult task avoiding certain types of attacks.

Also, spoofing a website is different than hacking a website.

http://www.thoughtcrime.org/software/sslstrip/
__________________
Mac Security Suggestions
munkery is offline   0 Reply With Quote
Old Jul 14, 2011, 12:27 PM   #24
chris8535
macrumors member
 
Join Date: May 2010
Quote:
Originally Posted by munkery View Post
Read my posts, I never said iOS was insecure. In fact, I provided a link stating the exact opposite. All I am saying is that iOS users have a more difficult task avoiding certain types of attacks.

Also, spoofing a website is different than hacking a website.

http://www.thoughtcrime.org/software/sslstrip/
You're being pedantic, I said except for a targeted and highly sophisticated man in the middle attack. And you said 'no but' and named a targeted and highly sophisticated man in the middle attack with added spoofing. Aside from that, if you use an official banking app, this would again be rendered impossible.

So once again, use your banks app and you are probably more secure than you'd even be using your computer at home.
chris8535 is offline   0 Reply With Quote
Old Jul 14, 2011, 02:42 PM   #25
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by chris8535 View Post
And you said 'no but' and named a targeted and highly sophisticated man in the middle attack with added spoofing.
My first post in this thread mentions the requirement of spoofing the login page. See the following quote.

Quote:
Originally Posted by munkery View Post
This leaves the connection liable to sophisticated man-in-the-middle attacks where the encryption is stripped and the connection is redirected to a spoofed website.
Redirection to a spoofed website may not even be required.

https://www.owasp.org/images/7/7a/SSL_Spoofing.pdf

Quote:
Originally Posted by chris8535 View Post
the only concievable way to capture your credientials would be a very complex and highly targeted man-in-the-middle attack which might takes weeks to decrypt.

As long as it uses https, feel free to bank anywhere, cellular or wifi. The encryption tunnel will be secure.
I was responding to these parts of your post. A post which make no reference to an app issued by the bank.

In circumstances where verification of the digital certificate is under the control of the user such as when the web browser is used for online banking, the encryption tunnel may not be secure.

In relation to an app, the attacker would need a stolen or forged copy of the banks digital certificate to be successful. If conveying the use of an app was your intention, then you are correct given that it is unlikely to occur.

This even depends on how the app validates the digital certificate. If any digital certificate is accepted as long as the url matches, then an attack my still be feasible.
__________________
Mac Security Suggestions

Last edited by munkery; Jul 14, 2011 at 03:24 PM.
munkery is offline   0 Reply With Quote

Reply
MacRumors Forums > iPhone, iPod and iPad > iPad

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iPad Banking App ZBoater iPad Apps 15 Nov 26, 2013 02:53 PM
iPad: Making the iPad safe(er) for my children to use? Maxinuk iPad 39 Nov 24, 2013 07:56 PM
Impatient non-developer - How safe are IOS 7 GMs found floating around the internet? mrdm iOS 7 36 Sep 15, 2013 10:47 PM
How safe is online banking/shopping with 4G LTE? kat.hayes Alternatives to iOS and iOS Devices 1 Nov 24, 2012 06:34 PM
Is it safe to sell my iPad 3 on eBay? Jacoblee23 iPad 7 Oct 23, 2012 04:41 PM

Forum Jump

All times are GMT -5. The time now is 07:29 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC