Banking Application: Comdirect recommends to ignore security warnings

Better to ignore security warnings? This dubious tip was given by the Comdirect bank to customers of their iOS mobile app via Twitter.

Job market

1. OSRAM GmbH, Munich
2. Robert Bosch GmbH, Abstatt

"You use the banking application and receive the error message below when opening the application? Do not worry, it's all about." a known bug, we will provide you with an update shortly "he said on the Comdirect Twitter account on Monday, "By the way: despite the error message, you can use the banking application as usual."

Comdirect: "Bad communication"

The banking application had informed users that there was a connection error. The board to simply ignore the warning has elicited many outraged reactions against Twitter.

Comdirect spokesman Geerd Lukaszen said at the request of Golem.de that the communication was not fulfilled. We will soon publish a clarification. However, on Tuesday morning, the dubious tweet was still topical on Comdirect's Twitter account there is a statement in which comdirect apologizesAccording to Comdirect, the connection only affected the display of messages in the banking application, but not the connections to the online banking system.

Removing the error message does not result in an unsecured connection, unlike browsers, for example. On the contrary, the corresponding functionality in the case just does not work.

The certificate change leads to a warning

The reason for the error message was probably the fact that a certificate issued by Comodo for the corresponding server – secure.outbank.io – had expired on Saturday. Outbank is a manufacturer of banking applications whose services are used by Comdirect. A new certificate Let's Encrypt for this server was issued Friday, but the application probably configured a lapel pin not accepting the new certificate.

Certificate problems with Outbank are apparently not new: if we look for the error message, we find older examples, where errors also occurred with the certificate change.

The problem has been solved by Comdirect now with an update. The Apple App Store and the Google Play Store both released the new version 1.9.0 on Monday. Users need to install this update and, of course, do not skip error messages related to security.