Receipts security issue

From the last thread (again), the key note is they’ll address this in the API rewrite

But someone with your browser history, access to your proxy server, etc probably could start digging around for this photo?

And more importantly, who’s to say that the photos being uploaded are only receipts? Users could be uploading all sorts of photos (warranty info, complaint letters, invoices, etc) and attaching them to the transaction. The photos may contain far more sensitive info than Monzo expect.

The current situation is unacceptably slack.

3 Likes

Why would it be in my browser history? I only look at the images via the app. I don’t believe they’re viewable via the emergency web app.

1 Like

However, the URL is only exposed once you export your statement from Monzo. At that point it is out of Monzo’s control and up to you to secure your data.

1 Like

I 100% get what you’re doing here, but for me this is a matter of principle over particular security concerns.

Anything I give to my bank, regardless, I expect to be securely saved.

Also: just because I wouldn’t be able to get that receipt image it doesn’t mean nobody could. I could give out my PIN here and most people wouldn’t be able to do anything with that information but it only takes one person to.

On a really hypothetical scenario, a fraudster might want to build up a profile of movement on a person, and if all their receipts are stored insecurely then what’s to stop over time them knowing “she visits X every day and Y every Saturday” and I dunno… breaking into her house on that day. It’s completely made up but also not exactly a “pfft why would that ever happen”.

Receipts can contain personal information. Not all, granted, but some might.

It takes me a secured passcode to even read my online statement for a shopping website and that just says that I’ve spent nothing each month. An image I upload to my bank should be far more secure.

4 Likes

You’ll be glad to know then, if you read the previous discussion, that your receipt images are secured. :boom:

There are other ways of providing security than a password.

Except that the receipts aren’t stored insecurely. If you can present an actual scenario where a ‘fraudster’ can get access to several (or even one) of your receipts that doesn’t involve you downloading a CSV export and sharing it with them (intentionally or not), then I’m interested.

This is my problem - just because I personally cannot do it does not mean it’s impossible.

My inability to hack does not mean my bank gets off on security.

If you can peep behind the technology curtain it becomes apparent that almost all “secure” things are not. Ultimately eliminating the exposure at one layer just makes it harder for an attacker and pushes the potential attack up a layer.

The security that we have is what security experts have come up with that is “good enough”. IMO this meets that criterion today for me.

Sure, in future Monzo could put the images behind a reverse proxy or something that does a session check but there are issues with that. E.g. it’s quite possible Monzo might do this by still serving the images from random public URIs but those never being known outside Monzo.

If this happened then technically the images are still there in the clear but now you’d need to actually break something inside Monzo to know how to get them. Would that be “good enough” security for you?

2 Likes

Probably. To be honest I don’t use the receipts so this isn’t a personal issue for me. But enough people here are smart so if only a few have concerns then it’s worth checking into. Look at comparable services etc.

I’m not trying to imply that you or any one person should be able to do this, or even come up with the attack vector before we should be concerned.

Exactly, and even with this no one has come up with a credible theoretical attack. The few concerns that have been raised amount to hand-waving, “it’s a publicly accessible URL, those are bad, bad.” But no one has explained what the actual risk is (even at a high level). On the other side, we’ve had @daniel explain the mathematics behind why this is secure. So I’m not saying that Monzo can’t be wrong, but I’m not going to get worked up over some hand waving and the ‘belief’ that URLs are bad.

If Monzo were storing receipts at URLs like monzo.com/user/coffeemadman/receipts/1.jpg, then I’d be concerned.

Think about it another way. How do you authenticate to the Monzo app? By tapping on a publicly-accessible URL. How does OAuth work (when you log into a site using your Google/Facebook/Twitter credentials)? By sending publicly-accessible URLs. Are you concerned that these methods aren’t secure? A publicly-accessible URL can be secure depending on how it’s constructed and how it’s used. The theory behind this has been discussed in the other thread.

3 Likes

Found it :eyes:

tesco-store-number-on-receipt-the-receipt-show-how-was-overcharged

2 Likes

I do love a bit of malt loaf.

Also who doesn’t have a Clubcard :expressionless:

1 Like

I see a tricolore salad being made there also :heart_eyes:

I scan mine to get one of them scanner guns

1 Like

Ripe avocado? Bloody millennials again

3 Likes

I’m also assuming this isn’t actually the receipt :yum:

It’s the weirdest Ready, Steady, Cook bag I’ve ever seen

2 Likes

I understand that a long URL is very secure, it’s basically what Monzo use to log people into the app, but for receipts the URL isn’t a one-time-use one, so it then has security issues.

I see some nice meals there.

Ham, Egg and chips

Steak and Mash

mmmmm

1 Like

I assumed they were signed AWS URLs with an expiry set :frowning: seems it’s not the case

1 Like
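The two designs contrasted in this thread, a long random URL that never expires and a signed URL with an expiry, side by side as an added example (not code from any poster, and not Monzo's or AWS's actual scheme). The host, key, path layout and function names are all hypothetical; the signing is a generic HMAC-SHA256 over the path and expiry time.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

SIGNING_KEY = secrets.token_bytes(32)    # hypothetical server-side secret
BASE = "https://receipts.example.test"   # placeholder host, not a real service


def capability_url(token_bytes=32):
    """Unguessable but permanent: anyone who later obtains the link
    (e.g. from an exported statement) can fetch the image indefinitely."""
    return f"{BASE}/img/{secrets.token_urlsafe(token_bytes)}.jpg"


def _mac(path, expires, key):
    msg = f"{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_url(path, now, ttl=300, key=SIGNING_KEY):
    """Issue a link that is only valid until now + ttl seconds."""
    expires = int(now) + ttl
    query = urlencode({"expires": expires, "sig": _mac(path, expires, key)})
    return f"{BASE}{path}?{query}"


def verify_url(url, now, key=SIGNING_KEY):
    """Server-side check: signature must match and the link must not be expired."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False                      # unsigned or malformed link
    expected = _mac(parts.path, expires, key)
    # Constant-time comparison; compare bytes so odd input cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False                      # path or expiry was tampered with
    return now < expires


if __name__ == "__main__":
    link = sign_url("/img/constructed-receipt.jpg", now=1000)
    print(capability_url())
    print(link, verify_url(link, now=1100), verify_url(link, now=2000))
```

A link of the second kind that ends up in an export or a proxy log stops working after its expiry, while the first kind stays valid until the object itself is deleted or moved.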

True, someone might spend a trillion years brute-forcing the URL; that is a concern.

2 Likes