Apple Pay Possible Secuirty Flaw.

Discussion in 'Apple Watch' started by Sheon, May 17, 2015.

  1. Sheon macrumors newbie

    May 17, 2015
    Call me paranoid but...

    What's to stop someone from using a mobile Apple Pay reader and with enough practice and training be able to double tap the Apple Pay button without you knowing and drain your bank account.

    At least with iPhone you need your finger print and it's very secure.

    Apple should at least allow to add a passcode before any Apple Pay purchase on the watch.

    Another scenario could be your drunk at the bar and 2 taps of that button and bam there goes your money.

    I might be overly paranoid lol but I like to stay 2 steps ahead of these criminals lol. Stopping my Apple pay on my watch for now tel they at least add a passcode to it.

    I can already see someone getting there now u stolen blaming Apple and suing Apple for it -.-

    We do live in sue happy America.

    Most people would know someone touching there wrist I'm sure but hey if people can pickpocket and steal your wallet and even Rolex I'm sure they could find a way to abuse Apple pay.

    Other then that I love my Apple watch
  2. edlex macrumors 68000


    Apr 14, 2010
    No ones getting that close to me without putting my situational awareness on high.
  3. Sheon thread starter macrumors newbie

    May 17, 2015
    I am sure I would be the same but if it's super crowded area I'm sure it could be possible.

    And I'm sure I'm overly paranoid lol but better safe then sorry once I seen how easy it was to use Apple Pay.
  4. Gdgtguru macrumors member

    Oct 7, 2011
    I think it would be a whole lot easier to pick a pocket and steal your card than to do what you are suggesting. They would have to have the reader in their hand, double tap the button, and tap the card on the screen all while you don't notice. I suppose if you are THAT drunk maybe, but I am pretty sure I would notice if someone were doing all of that.
  5. Che Castro macrumors 603

    May 21, 2009
  6. Sheon thread starter macrumors newbie

    May 17, 2015
    That's true.

    Tho when I used it at McDonald I didn't need to touch the reader just be a few inches from it. Works amazing tho.

    I'm sure some idiot will make a small enough mobile payment reader to make this possible.

    Could NFC be boosted from a distance or is this impossible?
  7. BillyTrimble macrumors 6502a

    Sep 20, 2013
    Wow. All excellent points that Apple would be well advised to follow.

    In fact, my real concern is that while in a drunken stupor at my local bar or local
    Whole Foods market, where I am often drunk while shopping or perhaps sleepwalking, someone chops off my arm with my watch attached and proceeds to use my apple pay to charge my card for $3 worth of pizza.

    Does anyone know if there has to be blood flowing under the watch for the watch to continue to think it's still on my wrist and not requiring re-entry of a code? If blood flow is not required, then this must certainly be changed.

    And imagine what happens if you die while the watch is still on your wrist. Someone will carry my dead body to Walgreens and purchase all sorts of toiletries and vitamins.

    And lately, I've had a feeling that someone is grabbing my wrist. I thought it was some girl trying to flirt with me. Now I realize it's someone trying to surreptitiously double tap the button to invoke my apple pay.

    And the iPhone isn't secure. Just the other day, someone tried to cut off my thumb to be able to use my iPhone with apple pay.
  8. edlex macrumors 68000


    Apr 14, 2010
  9. Sheon thread starter macrumors newbie

    May 17, 2015

    Thanks for the laugh LOL

    I have already used Apple pay and it's very easy 2 taps touch the reader and done very easy I love it.

    I just wanna stay 2 steps ahead of idiots who wanna steal from people
  10. madsci954 macrumors 68030

    Oct 14, 2011
    1) As edlex said, you basicly need to be a ninja to double tap a button on your wrist and hold a reader up to it

    2) the watch sounds and vibrates a when a transaction is done, so even in a crowded area, you'll still know something is up.
  11. Phil Holland macrumors regular

    Phil Holland

    Jun 7, 2011
    Anyone wanna play "guess the IQ?"
  12. zacheryjensen macrumors 6502a


    May 11, 2009
    This is where you report fraudulent charges to your CC company and suffer no ill consequences whatsoever.
  13. supertomtom macrumors 6502


    Sep 21, 2007
    Gold Coast, Australia
    I suppose if you're that paranoid and know you're gonna have a drunken night out, then turn off Apple pay on your watch and just use your phone when you go out?

    But if someone gets that drunk that they're oblivious to their surroundings, then I wouldn't call it a security flaw on Apple's part but more user error.
  14. mcdj macrumors G3


    Jul 10, 2007
    Given the quality of your speling and logick, I think maybe disabling Apple Pay is a good idea for you, because sue happy America.
  15. Sheon thread starter macrumors newbie

    May 17, 2015
  16. ryanasimov macrumors regular

    Apr 1, 2007
    1. Do battery-powered contactless readers exist?
    2. If they do, can they be operated in such a manner where the user can collect payment without being caught?
    3. Apple Pay is just a conduit to your credit card; if you're the victim of fraud you dispute the charge.
  17. Mr. Buzzcut macrumors 65816

    Mr. Buzzcut

    Jul 25, 2011
    Said the misspelled non sequitur to the... ah never mind.
  18. Sheon thread starter macrumors newbie

    May 17, 2015
  19. foxkoneko macrumors 6502

    Sep 5, 2011
    Unfortunately stupidity will find a way #
  20. AdonisSMU macrumors 603

    Oct 23, 2010
    Someone would have to touch your watch and be able to double tap it without you knowing at all and responding in kind. I don't see how that is possible. I'm not saying it's impossible...but the likelyhood of getting caught is so great and that alone would likely deter theft of this sort.


    I never understood people going out to get drunk rather than going out to have fun. Does one really need to be inebriated to have a good time? What does that say about the people who do need this sort of thing to open up and have a great time?
  21. Mac 128 macrumors 603

    Mac 128

    Apr 16, 2015
    The scenario is that it is removed from a persons wrist while incapacitated, be they drunk, sleeping, or knocked unconscious. It's already been shown that just inserting fingers behind the watch when removing it, is enough to transfer it to another wrist without the need to re-authenticate. Also, yes there are mobile NFC readers, the likes of which you'll use at bars and restaurants, so no need to remove it from your wrist at all. Just slip the unsuspecting victim a Mickey at the bar, and then when they pass out drain their bank account. This is probably the most likely scenario I see thieves perpetrating.
  22. flur macrumors 68020


    Nov 12, 2012
    You are paranoid.

    Just for kicks and giggles, get some friends together and go out for a night of drinking. Tell them at the beginning of the night that if they can bring up your Apple Pay card *without you noticing they did it* you'll buy them a drink. See what happens.

    Fact is, it's darn close to impossible to press that button even once without the watch wearer noticing it, let alone twice. And to get it done in quick enough succession to actually activate Apple Pay, you really have to hold the watch on both sides, something else you're likely to notice. AND, even if they managed to do that without you noticing, which, frankly, you'd have to be darn close to passed out at that point, it's still no risk unless they also have a handheld NFC scanner, all ready with some giant transaction on it, to put next to your drunk, limp wrist. Of course, they could physically drag your drunken carcass to the nearest pay machine, but at that point, you'd likely notice. Well, maybe, unless you're completely passed out, in which case they've gotten your wallet and your cell phone and the watch is the least of your worries.
  23. Sheon thread starter macrumors newbie

    May 17, 2015
    Kinda why I said I'm probably just being paranoid lol.

    But I'm sure people could find a way to do it without someone knowing.

    Just bump into u and do it etc or wait for u to be drunk etc.

    All I'm saying is it could be possible and which we had another option to protect us just INCASE.
  24. LIOC macrumors member


    Oct 20, 2011
    They would need to double tap the side button, pick a card from the touch screen, and scan it. If you are so drunk you are not noticing this it would probably be easier to just steal the watch from you and sell it.

Share This Page