Bank security components are not that safe
Financial institutions in Brazil have the habit of asking the user to install security components, aiming to increase user security when accessing Internet Banking, however, recently, some of the manufacturers of these technologies are suffering from security flaws.The company GAS Tecnologia and the company Warsaw, are responsible for most of the security components for banks such as Itaú, Banco do Brasil, among others.
Security breaches are as diverse as possible, such as failures in communicating with IPv6 networks, abuse of computer computing resources, making them "wagons" and more serious security breaches, such as unauthorized access.
Bradesco, is one of the most complicated of all, when its use is directed to the corporate market, as it does not work well in networks with proxies and requires that the network administrator always keep Java updated in the latest version.
In addition, it has an Exclusive Browser application, aimed at facilitating the access of companies to its platform, but which also brings several problems for individuals, where it requires the installation of a security component even in the exclusive browser (which should not be requested, as , should have already built in the solution).
Other problems with the Bradesco Component, and the lack of proxy configuration, that is, in a corporate environment, you are unable to use the Internet Banking platform, in any browser, or even in their "exclusive" browser.
Despite the constant flaws at Bradesco, we have not seen security flaws recently, unlike what we find in its competitors.
We also saw that the Microsoft Edge browser, currently, does not require the installation of the security component, passing freely access to the account without major problems.
Banco do Brasil recently uses a security component that has made computers simply "wagons", because it consumes a lot of computer resources for any activity, and the same is impossible to be removed, unless you restart the machine in mode and delete the folder to force removal, or use third-party software to remove programs.
In the past, these same security components were responsible for leaking user data.
We found a bank that does not require the installation of any type of program on the computer, and does not yet have DOC and TED fees, but has only 1 branch in the country, but in return, does not charge maintenance fees and has free withdrawal in boxes 24 hour network, useful for those who want to port the salary account and be able to transfer money to any bank:
Banco Inter (more information at https://bancointer.com.br/, previously called Intermedium)
Another item we found, is that the desktop application for accessing Banco Itaú, is like a dedicated application that doesn’t need any installation of other resources, and is consistent, instead of being used in browsers, and the competitor Bradesco Exclusive Browser, which is nothing more than a built-in "Firefox like".
It is also worth mentioning that most applications for Android and iOS do not require installation of components as well as on the computer, all you need to do is install only the bank application itself, without other components or other applications.
The Warsaw component is currently used with the banks: Banco da Amazônia, Banco Bonsucesso, Banco do Brasil, Banco de Brasília, Banese, Banestes, Banco Mercantil do Brasil, Banco Itaú, Banco do Nordeste, Banco Safra, Banco Sicredi, Banco de Venezuela, Banco del Tesoro and Caixa Econômica Federal.
It is worth remembering that despite the previous failures, all of them, according to the manufacturers, have already been addressed.
Sources:
http://www.dieboldnixdorf.com.br/warsawhttps://tecnoblog.net/195255/warsaw-plugin-bancos-falha-seguranca/
https://tecnoblog.net/176402/plugin-bancos-warsaw-ipv6-bloqueio/
https://www.colunatech.com.br/gas-tecnologia-warsaw-como-remover-4486/
No comments