Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
@Some Guy I have to wonder about this finger print authentication. How does this work exactly in a global sense ? Is there a database with endless numbers of scanned fingerprints in it ?
Sounds funny but I bet I am not too far off.
Ah yes, I do recall now that these security features were supposed to be local to the phone. Not sure how I feel about that either. But thanks for the clarification.
I am also skeptical that this method cannot be cracked, sure it is a major stride forward - but I am a firm believer that anything encoded can be uncoded.
So we 'll just wait until the smoking gun goes off ( again ).
Why not just make two-factor authentication required for using Apple Pay?
@GonzSTL I think that is a really good question. What is the problem if two-factor authentication is better for security which it obviously is - then why not burn it into the hardware ?
Manufactuers do this all the time in one way or another, so I don't understand why Apple is dragging it's feet on this. The only thing I can think of is they don't want to inconvenience their picky customer base.
"...I think that users' hesitation to use biometric authentication is weighed in by phone manufacturers as a factor that could lose potential customers, but if the technique is presented as a requirement only for NFC payments, that hurdle can likely be overcome ...."
@GonzSTL While I understand your reasoning here, from a consumer perspective I have to respectfully disagree. I would not be more apt to use a device or method of payment ( NFC ) nor would this entice me to succumb to biometric authentication.
In my case, there seem to be too much information already running around the Net without my control - I surly don't want to add my biometrics to it. But at least you are looking for solutions to the issue - I don't hear anything coming from manufacturers themselves.
@Some Guy I see. Yes the enabling and the disabling of the service is easy and I think that is the case for phones that have NFC, but there has got to be a better way to transmit the signal.
Of course I am at a loss for the answer to this plea but we will see if Apple can make this process sexy enough for mass adoption.
@GonzSTL I certainly appreciate your level headed approach to this difficult issue. I often get the feeling that NFC is a technology that even though the consumer is cool towards the idea, these manufacturers are dying to implement it.
I guess the real goal is to make the phone a tool for real-time commercial transactions, but people don't seem to be too excited about it, the uses we have now seem to be more than adequate.
And I agree, I hope the industry regulates itself but the first thing they probably need to do is to come to grips with the fact that not many want NFC and even if it is forced upon the consumer - they have choices now.
I think Apple just might learn this lesson again.
Really found this subject to be a very fascinating read Sarah. With Apple jumping head first into the mobile payments arena - I was really interested in see how they expect to pull this off. Otherwise it is a headache not many wanted to deal with until Apple decided to get out in front of this.
This token system is a good idea, but it too as you mention will be compromised as well by hackers in time. But I guess the industry had to start somewhere - and it is an improvement over magnetic cards ...etc.
I am not so sure I particularly like using my phone for purchases - though I pay bills occasionally but for the most part I don't want to use my phone for transactions. I may be in the minority here - as I do not have an iPhone either.
My question is who is governing this new method of payment transmission ? The FTC ? Seems to me Apple just created a de facto standard ?
@GAProgrammer Interesting. I had not thought about PayPal, and I think you are right - Apple would love to have a large piece of this market.
"....More and more of my friends who use iPhones are finding that the device REALLY isn't that great. I know of 10 people in the past 3 months who have ditched theirs for Samsung phones."
@GAProgrammer That is really interesting to hear. I have noticed this myself - Many iPhone users don't seem to be as happy as they once were. It has been a long time since Apple has had a significant new offering and when they did - they went larger, which is just what their competition ( Samsung ) has been doing for years.
@Sara Welcome back ! I see. Well, I really enjoyed the topic - I was initially very curious as to how Apple plans to address this potential security nightmare.
But after discussions with my peers along this thread and of course your work - I have a better understanding of just how Apple plans to pull this off.
@Some Guy How do you feel about NFC ? I am not a big fan since I am not a big fan of mobile payments in general. I just can't picture myself tapping my phone against some reader to make payments.
Call me a germaphobe - but that is also a consideration.
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Moderator
9/11/2014 | 11:10:02 AM
So it's close but not quite 3-factor authentication, because it doesn't require all three at the same time. Simply possessing the device while it's still unlocked and keeping it unlocked allows you to operate it in 1-factor mode at NFC terminals ... forever. Any pickpocket worth his salt can do that.