Schlagwort-Archive: notification

Pushbullet Security issue with sending TANs via SMS

Bildschirmfoto 2014-11-04 um 23.01.22
At first, this is a not very common use case but nevertheless it partly appeared to me, so not that unique.
How do you make your bank account more secure? Yes, we use SMS to send TANs on each transaction we want to initiate. In general a very secure method because of a third party (your mobile device) in between.
Now let us assume you use Pushbullet, an awesome service for displaying notifications received on the mobile device directly on your computer screen. This breaks all your secured process.
Why? Your mobile device and your computer are connected to Pushbullet. You loose your computer and someone gets into your bank account website. He transfers money and all it needs is a TAN. Now BOOM! Pushbullet displays it on your stolen screen… 🙁