TANDEM APP SECURITY CONCERN


Comments

  • Beddie
    Beddie Posts: 975 Forumite
    Part of the Furniture 500 Posts Photogenic Name Dropper

    Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
    That sounds very worrying, do you have a link to more information about this security flaw?
    https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
  • Qyburn
    Qyburn Posts: 3,431 Forumite
    1,000 Posts Fourth Anniversary Name Dropper
    lcooper said:

    Note I have no insight into the technology deployed by Tandem (doubt they are using FIDO2) but I am satisfied that my money is safe with them, despite the absence of a password.

    Obviously not. Their passwordless security just consists of not having a password at all, there's no challenge and response.

    They use one parameter, the mobile phone number, to identify the account, then the SMS code to verify you have control of that phone number. The device running the app need not be the one receiving the text, that's a separate process.
  • Beddie said:

    Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
    That sounds very worrying, do you have a link to more information about this security flaw?
    https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
    Thanks for that.

    That's just pisspoor testing, that flaw should not have been let through and certainly not by the World's Largest.

    Hopefully the fix has been applied across Android devices since the beginning of the year (might even test it out myself later).
  • As I said I have emailed Tandem twice on the app hoping they would know far more about internet security than me. They haven't bothered to reply. Not good.
  • GeoffTF
    GeoffTF Posts: 1,823 Forumite
    1,000 Posts Third Anniversary Photogenic Name Dropper
    edited 12 August 2023 at 12:55PM
    Beddie said:

    Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
    That sounds very worrying, do you have a link to more information about this security flaw?
    https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
    Thanks for that.

    That's just pisspoor testing, that flaw should not have been let through and certainly not by the World's Largest.

    Hopefully the fix has been applied across Android devices since the beginning of the year (might even test it out myself later).
    These systems have millions of lines of code and most of them were not written by Google. Android is Linux under the bonnet (so is iOS). Security bugs are found regularly. It is impossible to find them all by testing. It is best not to rely on one device for your security. I do my online banking on a desktop PC running Linux Mint, and use my phone to receive text messages and emails. That way, two devices have to be compromised before I am in trouble.
  • masonic
    masonic Posts: 26,463 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    edited 12 August 2023 at 1:01PM
    Beddie said:

    Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
    That sounds very worrying, do you have a link to more information about this security flaw?
    https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
    Thanks for that.

    That's just pisspoor testing, that flaw should not have been let through and certainly not by the World's Largest.

    Hopefully the fix has been applied across Android devices since the beginning of the year (might even test it out myself later).
    Only back as far as Android 10, and only to devices that were still receiving security patches late last year or early this year, given the several month lag in device manufacturers testing and rolling out security patches for their devices. Highlights the importance of not using out of support devices for sensitive things, or at least not taking them to places in which you cannot guarantee their physical security if you do.
    As I said I have emailed Tandem twice on the app hoping they would know far more about internet security than me. They haven't bothered to reply. Not good.
    When did you send each email? Live chat is also an option during business hours. Not getting a quick reply might be a good sign, as an accurate reply would require a front line agent to relay the query to the development team. That said, the best you can hope for is for them just to reinforce the information already shared with you in this thread. 
    Given they have had to shut down new account opening over the weekend, it would seem that they are quite busy since upping their rate to market leading.
  • CJR
    CJR Posts: 4 Newbie
    Part of the Furniture First Post Combo Breaker
    Back to basics. Questions being raised about security (and privacy) and Tandem failing to reply to my 2 emails. Not a bank to give me confidence.
  • PixelPound
    PixelPound Posts: 3,047 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    jaypers said:
    I’ve mentioned on here before but it’s imperative that everyone sets up the PIN on their SIM. If you don’t, a thief can easily put the SIM in another phone and have immediate access to your messages etc, including the ability to request OTPs. This is a common issue/fraud. If you set the SIM PIN it means you have to enter it only when you power off/on the device. Very little pain that could save you a huge headache. 
    Also check how your provider handles port out and replacement SIM requests. 
  • vernon
    vernon Posts: 69 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    I, for one, am not worried about security on the Tandem app, but where do I find Settings? I have tapped away like a demented woodpecker and still can't access Settings! I am using the Android version of the app. Many thanks.