2

I often find it difficult to choose whether it is safer (in any context) to log in to my PayPal, or other similar banking accounts, using my Nokia or my PC.

Maybe I am assuming that, since I have a lot of downloaded stuff on my PC, it may or may not contain a virus, even though I have antivirus, so I tend to trust my mobile more often. I am thinking that, since there may not be as many viruses made for mobiles, and since I don't download anything on my mobile, they are safer than a PC when logging in to sensitive places. I would like to know if mobile phones, more specifically Nokias, are less vulnerable than your regular desktop.

samayo
  • I asked a similar question about online banking here. http://security.stackexchange.com/questions/30135/is-online-banking-more-secure-on-ios-than-a-desktop-computer – Nic Feb 05 '13 at 21:33
  • You have security software to tell you if you have a virus. At some point you must have some level of trust that your computer isn't infected. Otherwise the only way to really be safe is to use a virtual machine every single time, and even that has the risk of an infection trying to reach beyond the virtual machine, like many of the banking Trojans attempt to do. – Ramhound Feb 06 '13 at 13:07

5 Answers

5

There have been some questions about Nokia phones and how they handled SSL; namely, that up until recently the data was intercepted and decrypted on some servers owned by Nokia. While in this specific case they were probably doing it for the explicit purpose of adding compression and not at all for stealing cookies and passwords, this highlights the fact that a lot of things can occur within the guts of your mobile phone that you have very few ways of knowing about. Compared to that, a desktop PC is rather "open".

If you really worry about your PC, I suggest that, for bank-browsing, you reboot on a Linux LiveCD. Linux is rather robust against viruses and malware, especially when used only for connections to "safe sites" and running off a read-only DVD.

One might notice that "rebooting off a DVD" is one of the things you can do with a PC and not with a smartphone.

Tom Leek
2

Enable PayPal Security Key (2-factor authentication) for your account and prepare to worry less.

https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside

What is it?
The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. It comes in 2 types, each with different advantages:

  • Security key: You carry this small credit-card sized device with you. It creates a unique security code on the go.
  • Mobile phone security key: You can sign up to get security codes sent by text message to your mobile phone.

How much does it cost?

  • There is no fee to use your mobile phone as your PayPal Security Key. Standard text messaging rates apply when you receive a security code by SMS. Check with your mobile provider for details.
  • The credit-card size PayPal Security Key costs $29.95, and there's no monthly service fee or additional cost. Replacement keys are the same price.

How do I get started?

  • Choose the type of Security Key you want. You can start using your mobile phone Security Key right away. If you would like a credit-card size Security Key, we will ship it to you.
  • Activate it from your PayPal or eBay account.

k1DBLITZ
1

This is rather speculative; the problem with mobile phones (and this also depends on whether you are running Symbian or Windows Phone) is that we do not know about a lot of malware. Phones are rather new to the battlefield called the internet, while the PC is a hardened veteran.

On the other hand, you are probably not running an AV on your phone, which might leave you vulnerable. However, because fewer people will be using their phone (especially Symbian) than, for instance, Windows (PC), it's less attractive for criminals to write a virus for them (and also more complex).

Lucas Kauffman
1

Too many unknowns to answer: Are you logging on using the web browser on your phone, or are you using a mobile application? What web browser are you using? How does it implement security (on both PC and mobile)? How strong are the protections around your PC? Firewalls? Wireless?

If you held a gun to my head and forced me to answer (or if you offered me a paycheck), I'd go to the Verizon Data Breach Report and look at the types of attacks that were most successful against banking sites and score my PC and my phone against that list.

MCW
1

If you are using a mobile device, your device is subject to many attacks, such as:

  • Juice jacking
  • A web browser that doesn't show HTTPS status
  • A web browser that doesn't show the URL... enabling phishing

If you must use a mobile device, I'd suggest using a dedicated application, as this post suggests. In addition, the application itself may also validate the HTTPS certificate key (preventing MITM attacks), or even better, it may use mutual auth TLS.

The ideal solution is to reformat your PC and install a virtual OS for games, testing, etc. Then use the standard PC for all your banking needs. Since the VM can't access your PC (hopefully you configured it so), you're safe from any phishing or other attack.*

* Exception

makerofthings7
  • The whole "dedicated" application suggestion is flawed. There have been many examples of where a dedicated banking application has been flawed and PII was leaked because of the flaw. – Ramhound Feb 06 '13 at 13:10
  • @Ramhound Are you saying the web service could be coded incorrectly? Sure, but so can a normal website have XSS. What I'm saying is that *end user* issues and TLS MITM and phishing attacks have the option to be removed with a dedicated app. – makerofthings7 Feb 06 '13 at 13:28
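
The certificate check mentioned in the last answer (a dedicated app validating the HTTPS certificate itself, on top of normal CA validation) can be sketched as follows; this is an added example, not code from any of the posters or from a real banking app. It pins the SHA-256 fingerprint of the whole certificate rather than only its key, and the names `connect_pinned`, `matches_pin`, `APP_PINS` and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Server certificate is CA-valid but not one the app expects."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pins) -> bool:
    """True if the certificate's fingerprint is in the pinned set."""
    seen = fingerprint(der_cert)
    ok = False
    for pin in pins:  # check every pin, no early exit
        ok |= hmac.compare_digest(seen, pin.lower())
    return ok


def connect_pinned(host: str, pins, port: int = 443, timeout: float = 10.0):
    """Open a TLS socket that passes both CA validation and the pin check."""
    ctx = ssl.create_default_context()  # chain and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not matches_pin(der, pins):
        tls.close()  # fail closed before any credentials are sent
        raise PinMismatch(f"unexpected certificate for {host}")
    return tls


# Constructed sample data (not real certificates): stand-ins for DER blobs.
GENUINE_CERT = b"constructed-der-bytes-for-bank-server"
INTERCEPTOR_CERT = b"constructed-der-bytes-for-intercepting-proxy"
# Two pins: the current certificate plus a backup, so that certificate
# rotation does not lock users out of the app.
APP_PINS = {fingerprint(GENUINE_CERT), fingerprint(b"constructed-backup-cert")}
```

A proxy that decrypts and re-encrypts traffic has to present a different certificate, so `matches_pin` rejects it even when that certificate chains to a CA the device trusts.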