TANDEM APP SECURITY CONCERN
Comments
-
https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
flaneurs_lobster said:
That sounds very worrying, do you have a link to more information about this security flaw?
Bobby4puddings said:
Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
1 -
Obviously not. Their passwordless security just consists of not having a password at all, there's no challenge and response.
lcooper said:
Note I have no insight into the technology deployed by Tandem (doubt they are using FIDO2) but I am satisfied that my money is safe with them, despite the absence of a password.
They use one parameter, the mobile phone number, to identify the account, then the SMS code to verify you have control of that phone number. The device running the app need not be the one receiving the text, that's a separate process.
0 -
Thanks for that.
Beddie said:
https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
flaneurs_lobster said:
That sounds very worrying, do you have a link to more information about this security flaw?
Bobby4puddings said:
Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
That's just pisspoor testing, that flaw should not have been let through and certainly not by the World's Largest.
Hopefully the fix has been applied across Android devices since the beginning of the year (might even test it out myself later).
1 -
As I said I have emailed Tandem twice on the app hoping they would know far more about internet security than me. They haven't bothered to reply. Not good.
1 -
These systems have millions of lines of code and most of them were not written by Google. Android is Linux under the bonnet (so is iOS). Security bugs are found regularly. It is impossible to find them all by testing. It is best not to rely on one device for your security. I do my online banking on a desktop PC running Linux Mint, and use my phone to receive text messages and emails. That way, two devices have to be compromised before I am in trouble.
flaneurs_lobster said:
Thanks for that.
Beddie said:
https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
flaneurs_lobster said:
That sounds very worrying, do you have a link to more information about this security flaw?
Bobby4puddings said:
Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
That's just pisspoor testing, that flaw should not have been let through and certainly not by the World's Largest.
Hopefully the fix has been applied across Android devices since the beginning of the year (might even test it out myself later).
1 -
flaneurs_lobster said:
Thanks for that.
Beddie said:
https://www.androidpolice.com/one-minute-hack-allowed-lock-screen-bypass-on-android-current-pixels-are-safe/
flaneurs_lobster said:
That sounds very worrying, do you have a link to more information about this security flaw?
Bobby4puddings said:
Up until recently there was a hack that could unlock an Android phone in less than 1 minute without any additional software. Google cured this with a security patch on Google Pixel phones but not others, they were working on it.
That's just pisspoor testing, that flaw should not have been let through and certainly not by the World's Largest.
Hopefully the fix has been applied across Android devices since the beginning of the year (might even test it out myself later).
Only back as far as Android 10, and only to devices that were still receiving security patches late last year or early this year, given the several month lag in device manufacturers testing and rolling out security patches for their devices. Highlights the importance of not using out of support devices for sensitive things, or at least not taking them to places in which you cannot guarantee their physical security if you do.
Bobby4puddings said:
As I said I have emailed Tandem twice on the app hoping they would know far more about internet security than me. They haven't bothered to reply. Not good.
When did you send each email? Live chat is also an option during business hours. Not getting a quick reply might be a good sign, as an accurate reply would require a front line agent to relay the query to the development team. That said, the best you can hope for is for them just to reinforce the information already shared with you in this thread.
Given they have had to shut down new account opening over the weekend, it would seem that they are quite busy since upping their rate to market leading.
0 -
Back to basics. Questions being raised about security (and privacy) and Tandem failing to reply to my 2 emails. Not a bank to give me confidence.
0 -
I’ve mentioned on here before but it’s imperative that everyone sets up the PIN on their SIM. If you don’t, a thief can easily put the SIM in another phone and have immediate access to your messages etc, including the ability to request OTPs. This is a common issue/fraud. If you set the SIM PIN it means you have to enter it only when you power off/on the device. Very little pain that could save you a huge headache.
5 -
Also check how your provider handles port out and replacement SIM requests.
jaypers said:
I’ve mentioned on here before but it’s imperative that everyone sets up the PIN on their SIM. If you don’t, a thief can easily put the SIM in another phone and have immediate access to your messages etc, including the ability to request OTPs. This is a common issue/fraud. If you set the SIM PIN it means you have to enter it only when you power off/on the device. Very little pain that could save you a huge headache.
1 -
I, for one, am not worried about security on the Tandem app, but where do I find Settings? I have tapped away like a demented woodpecker and still can't access Settings! I am using the Android version of the app. Many thanks.
0 -