Since a few years I’m working with the Avast Antivirus Engine and the Secure Browser.
It’s a very comfortable and secure way to work in the internet with extensives ways to configure (i like it :D).
Unfortunately it works with windows board equipments inside the bank mode.
It’s like you lock your house, but you let open the backdoor of the building.
If you find a way to exchange one of these files (e.g. notepad.exe or calc.exe), it’ is possible to break into the sandbox.
I tried it with metasploit and a reverse tcp connection on my local pc system (combined with Virtualbox).
The result was, that I had the possibility to log the keyboard input inside the sandbox.
This is really to simple. :o
Why Avast don’t create his own tools inside the bank mode?
Another idea is to transfer the ASB bank mode to a window instead a full screen mode.
All keyboard inputs could be encrypted (my home bank work on this way).
Anyone could use all the tools they need without limitation.
It’s only a report, not more.
Perhaps somebody can say more to this (e.g. level or reason of development).
Suppose you use the 2-Step Verification to log in to your bank, how likely is it that the secure browser bank modus can be abused? Just a question from an interested layman. ???
I don’t follow your 2 step question? In bank mode, you would enter your user name and p/w then you would received your
numeric or alpha numeric code via your smart device and enter it into the appropriate place. How is that bypassing anything?