Is it safe to use an IPAD for internet banking?

Discussion in 'iPad' started by Denis54, Jul 12, 2011.

  1. macrumors member

    Joined:
    Mar 24, 2011
    #1
    I am a new iPad user.

    My PC has an antivirus and a firewall. Is my IPAD as safe as my PC since it does not seem to be protected by any software.
     
  2. macrumors 68000

    Joined:
    Aug 20, 2010
    Location:
    USA
    #2
    I would say the iPad is as safe as a Mac because they are both built off of the same core. Think of the iPad as "Mac OS X embedded" software. I don't have antivirus on the Mac, and I'm fine with it.

    I know this sounds ironic, but I am more comfortable (security-wise) on a Mac with no antivirus than on a Windows computer with antivirus.

    With Windows, I just have a hunch that there's a million little gnomes in there trying to mess with me. I just read a report that since the computers are made in China, there's some corrupt stuff going on where the people there stick phishing stuff in Windows before it gets overseas.

    I feel more secure with a Mac.

    But anyway, back to your question, I would say an iPad is fine for internet banking.
     
  3. macrumors 65816

    Joined:
    Jun 9, 2011
    Location:
    Halfway between the Equator and North Pole
    #3
    On a secure network you should be okay. But forget about it at your local fast food or coffee joint, or any other public WiFi site.

    Might be wise to clear your cache, cookies, and history after each banking session. I do, just to keep my paranoia in check. :cool:
     
  4. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #4
    As long as the banking site is using a secure session (https://....), I don't see why using a public wifi would be an issue. The data including login and password is all encrypted before it is sent to the bank.
     
  5. macrumors member

    Joined:
    Dec 1, 2010
    #5
    Different hardware makes no difference.

    This depends on the security of your internet connection and bank website.
     
  6. macrumors 65816

    Joined:
    Jul 6, 2007
    #6
    I would use an app for your bank (if available) as an added security. However, there was an issue with security of the Citi app while back so app is no means bulletproof, but you would assume that the banks making their own app would do some due diligence on security.
     
  7. macrumors G3

    Joined:
    Jul 4, 2007
    Location:
    Atlanta, GA
    #7
    Firesheep, IRC, intercepted your credentials as they were being sent to the router, before https had anything to do with it.
     
  8. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #8
    As I understand it, Firesheep works only by intercepting a ID cookie from the web site (bank in this case) and would only work if the bank encrypted the login only and not the subsequent traffic. Every bank I have used online encrypts the entire session and Firesheep would not work.
     
  9. mpaquette, Jul 12, 2011
    Last edited by a moderator: Jul 12, 2011

    macrumors regular

    Joined:
    Jul 15, 2010
    Location:
    Columbia, SC
    #9
    I believe using iPad to do online banking is as safe as using a PC/Mac. As others have said, I wouldn't do any kind of financial stuff over free public WiFi. I'm sure it's fine 99% of the time, but there's always the greater potential that someone is able to see your network activity.
     
  10. macrumors 6502a

    GreatDrok

    Joined:
    May 1, 2006
    Location:
    New Zealand
    #10
    I use my iPad for banking just fine. I don't do that on my Windows 7 PC after discovering a keylogger had got onto the machine and I tracked the source download that had the trojan and it had merrily sailed past MS Security Essentials and run on my machine for a week before an update to the sginatures flagged it.

    Anti-virus is never secure because it is reactive. My PC gets used for games and light web browsing. Anything else is done on my iPad.
     
  11. macrumors 68000

    ajohnson253

    Joined:
    Jun 16, 2008
  12. Syk
    macrumors 6502a

    Joined:
    Jun 20, 2010
    #12
    Using an app would probably be safer than using a PC if you're that concerned about it.

    That being said I personally don't use public wifi(hotels,etc) for anything other than surfing news site and the such. When I plan on doing anything that requires my password or I know I'll be doing both. I use MyWi and tether to my phone. I think it's a little more secure.
     
  13. macrumors 6502

    Joined:
    Jan 7, 2002
    #13
    I'm a little weary of doing internet banking on a jailbroken device, whether it's an iPhone or iPad. Not that the jailbreak itself compromises the security, but I don't completely trust the apps added through external sources in Cydia (the sketchy sources, you guys know what I mean).
     
  14. Syk
    macrumors 6502a

    Joined:
    Jun 20, 2010
    #14
    Nothing wrong with that. Too be honest after iOS 5 comes out I may not jailbreak my device.
     
  15. macrumors 6502a

    Benbikeman

    Joined:
    May 17, 2011
    Location:
    London, England
    #15
    And I just read a report that aliens from the planet Zaarg are reading our thoughts ...

    You do realise that iPads are made in China, right?
     
  16. munkery, Jul 13, 2011
    Last edited: Jul 13, 2011

    macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #16
    This is good advice.

    To properly clear your cache, cookies, and history from mobile safari, you must also fully reset Safari.

    Two methods to do so are as follows:

    On an iPad there is no way to manually view and verify the digital certificate as far as I know. This leaves the connection liable to sophisticated man-in-the-middle attacks where the encryption is stripped and the connection is redirected to a spoofed website.

    The following information from my "Mac Security Suggestions" link is important in relation to online banking.

    Some users notice issues when CRL is set to "Best Attempt." This does not have to be set as it is only a backup for OCSP.

    Much of these tips can't be done on a iPad. But, much of these risks are mitigated via only online banking on a secured wireless network with no unknown users.
     
  17. Syk
    macrumors 6502a

    Joined:
    Jun 20, 2010
    #17
    This is pretty much why I create my own hotspot like I posted above. I've seen my cousin do a MIM at a hotel just playing around. He's no techie either but he does know how to download the tools and watch a few videos online that show how it's done
     
  18. munkery, Jul 13, 2011
    Last edited: Jul 13, 2011

    macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #18
    If you are using a laptop to online bank on a public network, you are safe if you follow those tips I provided in my post.

    Your method also does promote security as well.

    Mitm attacks are possible on cellular networks but require special equipment to do so. I would recommend still following those tips I provided even if you are using a cellular network to access the internet.

    As for iPhones and iPads that have 3G internet, I would not do any online banking over the cellular network just as a precaution. Though, I have not heard of mitm on cellular networks being done outside of research settings.

    EDIT: To ease your worries about the security of your iPad, I thought you might appreciate this link.

    http://www.infoworld.com/d/mobile-technology/apple-ios-why-its-the-most-secure-os-period-792-0
     
  19. macrumors newbie

    Joined:
    Jul 13, 2011
    #19
    iOS is very secure and is not being threatened by viruses like other os's it is more secure do to Apples locked down OS. I would never do online banking if I was jail broken though.
     
  20. macrumors member

    Joined:
    May 10, 2010
    #20
    I work for one of the largest banks in the US and with online banking for corps(aka very high security). The iPad, in practice, is by far the safest way to bank. You are not vulnerable to the most common attacks (worms, trojans, keyloggers) and the only concievable way to capture your credientials would be a very complex and highly targeted man-in-the-middle attack which might takes weeks to decrypt. (lets face it, you or your account are not important enough to justify that kind of attack)

    As long as it uses https, feel free to bank anywhere, cellular or wifi. The encryption tunnel will be secure.

    edit: this all goes out the window if you jailbreak.
     
  21. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #21
    This is incorrect.

    If the attacker has spoofed the bank's website and the user is unable to verify the digital certificate, the connection made will appear encrypted eventhough it is not. Then, the attacker mimics an error on the page after the user attempts to login and exposes their login credentials. No need to decrypt the data.

    The work would be spoofing the websites. Once that is done, then just camp out a public wifi network to collect login credentials. On a large public network, login credentials could be collected in profitable volumes over not that long of a duration.
     
  22. macrumors 68030

    fhall1

    Joined:
    Dec 18, 2007
    Location:
    NY State of mind
    #22
    Yes, but once you spoof the bank's website, there's nothing saying the iPad is insecure or less secure than anything else....you can be on a bulletproof connection and a super locked down machine, but if the website is hacked nothing you do to increase your security posture (except not doing any online banking) will matter.
     
  23. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #23
    Read my posts, I never said iOS was insecure. In fact, I provided a link stating the exact opposite. All I am saying is that iOS users have a more difficult task avoiding certain types of attacks.

    Also, spoofing a website is different than hacking a website.

    http://www.thoughtcrime.org/software/sslstrip/
     
  24. macrumors member

    Joined:
    May 10, 2010
    #24
    You're being pedantic, I said except for a targeted and highly sophisticated man in the middle attack. And you said 'no but' and named a targeted and highly sophisticated man in the middle attack with added spoofing. Aside from that, if you use an official banking app, this would again be rendered impossible.

    So once again, use your banks app and you are probably more secure than you'd even be using your computer at home.
     
  25. munkery, Jul 14, 2011
    Last edited: Jul 14, 2011

    macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #25
    My first post in this thread mentions the requirement of spoofing the login page. See the following quote.

    Redirection to a spoofed website may not even be required.

    https://www.owasp.org/images/7/7a/SSL_Spoofing.pdf

    I was responding to these parts of your post. A post which make no reference to an app issued by the bank.

    In circumstances where verification of the digital certificate is under the control of the user such as when the web browser is used for online banking, the encryption tunnel may not be secure.

    In relation to an app, the attacker would need a stolen or forged copy of the banks digital certificate to be successful. If conveying the use of an app was your intention, then you are correct given that it is unlikely to occur.

    This even depends on how the app validates the digital certificate. If any digital certificate is accepted as long as the url matches, then an attack my still be feasible.
     

Share This Page