[Tinkerphones] OT: Banking in Germany (was: Strategies for sustainable phones)

Martin debacle at debian.org
Sun Sep 22 01:21:45 CEST 2019


On 2019-09-21 21:33, Xavi Drudis Ferran wrote:
> On Sat, Sep 21, 2019 at 07:22:22PM +0200, H. Nikolaus Schaller said:
> > BTW: this makes me wonder if a TAN generator can be used for tracking
> > users? Who knows what information it is encoding in the TAN?
>
> No idea, I hadn't heard of TAN before. Sounds like an interesting question.

Just two layperson's thoughts:

First, the TAN generator hardware is very simple. It does not
have any connection to other devices or the internet, other than
the optical sensor to detect the flicker code on the screen.
There is no GPS to detect location.

Second, the TAN itself is very short, not more than six decimal
numbers. There is not much one could encode in so few numbers.

> Pse. Mine is also a cooperative, but now it requires a mobile phone to
> operate. For many years it was enough with login and password, and for
> operations moving money, a printed code card (a small One-Time-Pad,
> which I left at home).  Now they send you a SMS that someone could
> intercept or someone could use your stolen phone, or force you to use
> your phone...

At least, you can receive SMS using an old, non-smart phone (no
Android/iOS!) or a USB GSM modem, using ofono or modem-manager
or gammu on a Linux PC. There is a software called sms4you, which
forwards SMS via email (and XMPP is in the works).

> I mean being a cooperative is not immediately a silver bullet (but maybe
> the rest of banks are even worse). 

They are probably slightly less evil.

