Applepay weakness

[wesk702]

The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct?

I think entering Passbook and fingerprint should use a more secure and longer string and make that mandatory and not allow 4 digit pass for those two areas specifically.

People's 4 digit code is inherently weak placing more valuable info and permissions at risk.

Think about it. If the enclave is really as secure as it states, then the thief would have no worry about including their fingerprint cause the authorities can't get in their right? I mean fingerprint data is never passed along in a transaction.

 

[CaptMarvel]

just say no to simple passcodes?

 

[wesk702]

just say no to simple passcodes?

Yeah, but most people don't and use the 4 digit pass. I just think those two areas should not allow simple passcodes.

It's scary what could happen with someone knowing your 4 digit pass.


Hypothetical hysterical scenario:
Imagine if Pangu had a backdoor that was able to capture your keystrokes.
Boom, your key is stolen. Not a big deal right cause they don't have your phone. Then what if these Chinese hackers that Tim is so worried about is able to use your icloud info and steal a backup of your phone from icloud. Then they create a clone of your device and add their fingerprint.

 

[Intell]

Apple Pay requires use of the Touch ID. Most people who use Apple Pay would just unlock the device with Touch ID instead of a passcode.

 

[wesk702]

Apple Pay requires use of the Touch ID. Most people who use Apple Pay would just unlock the device with Touch ID instead of a passcode.

Yeah, but I'm sure there are scenarios where one would use the code like when the phone is restarted. I'm sure there can be others.

 

[scaredpoet]

Yeah, but most people don't and use the 4 digit pass.

Most people wouldn't have to use a passcode at all once they have TouchID working. The only times I ever need my passcode is when first boot up my phone (and that really only happens when I do a software update the phone reboots). Other times, I just use my fingerprint, so no one ever sees me enter my passcode, nor am I bothered that it's a complex one.

It's scary what could happen with someone knowing your 4 digit pass.

Aaaaaaand that's why shouldn't use them when you have TouchID.

Hypothetical hysterical scenario:
Imagine if Pangu had a backdoor that was able to capture your keystrokes.

This is also an argument for Apple disabling Apple Pay if a jailbreak is detected.

Boom, your key is stolen. Not a big deal right cause they don't have your phone. Then what if these Chinese hackers that Tim is so worried about is able to use your icloud info and steal a backup of your phone from icloud. Then they create a clone of your device and add their fingerprint.

Fingerprints are not stored in the backup image on iCloud. Nor is any information about the cards you've enrolled in ApplePay. when you restore your phone, whether it's the same phone or a new one, you HAVE to re-register your fingers, and you HAVE to re-enroll your cards.

 

[wesk702]

Fingerprints are not stored in the backup image on iCloud. Nor is any information about the cards you've enrolled in ApplePay.

I know the prints aren't. So if you restore your phone, you will have to manually add the cards in again? If so, that's better.

 

[scaredpoet]

I know the prints aren't. So if you restore your phone, you will have to manually add the cards in again? If so, that's better.

Yes, you have to add the cards again. They aren't synced anywhere, they are only stored in the secure element on the phone.

 

[nepalisherpa]

With iPhone 5 and phones before that, I used a 4-digit passcode for easier unlock. With iPhone 6+, I have a long/complicated password. I only need to enter this password once after a reboot.

 

[Sean7512]

The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct?

I think entering Passbook and fingerprint should use a more secure and longer string and make that mandatory and not allow 4 digit pass for those two areas specifically.

People's 4 digit code is inherently weak placing more valuable info and permissions at risk.

Think about it. If the enclave is really as secure as it states, then the thief would have no worry about including their fingerprint cause the authorities can't get in their right? I mean fingerprint data is never passed along in a transaction.

I brought this up yesterday: https://forums.macrumors.com/threads/1806253/

I think it is a very good practice for all users of TouchID to use a complex password.

 

[Menel]

The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct?

I think entering Passbook and fingerprint should use a more secure and longer string and make that mandatory and not allow 4 digit pass for those two areas specifically.

People's 4 digit code is inherently weak placing more valuable info and permissions at risk.

Think about it. If the enclave is really as secure as it states, then the thief would have no worry about including their fingerprint cause the authorities can't get in their right? I mean fingerprint data is never passed along in a transaction.

The beauty of TouchID from the very start last year, is you could have a complex password with more convenience than the 4digit pin.

First thing I did with TouchID was move to complex 11char password.

You should as well. Yes, Apple should force this.

 

[njchris]

You can wipe your phone with find my phone.

Thief thwarted.

 

[caesarp]

The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct?

I think entering Passbook and fingerprint should use a more secure and longer string and make that mandatory and not allow 4 digit pass for those two areas specifically.

People's 4 digit code is inherently weak placing more valuable info and permissions at risk.

Think about it. If the enclave is really as secure as it states, then the thief would have no worry about including their fingerprint cause the authorities can't get in their right? I mean fingerprint data is never passed along in a transaction.

You are contemplating someone has your phone? If your phone is lost/stolen you can wipe it remotely or deactivate cards without wiping phone. No different than if someone stole your physical card.

 

[newellj]

Yes, you have to add the cards again. They aren't synced anywhere, they are only stored in the secure element on the phone.

Right. Even signing out of your iCloud account will force reactivation of all your ApplePay cards. Certainly a restore is going to need reactivation.

----------

With iPhone 5 and phones before that, I used a 4-digit passcode for easier unlock. With iPhone 6+, I have a long/complicated password. I only need to enter this password once after a reboot.

Same here. Arguably, Apple should automatically disable simple passcodes if TouchID is enabled.

 

[JoeTomasone]

Yes, you have to add the cards again. They aren't synced anywhere, they are only stored in the secure element on the phone.

Actually, the cards are not stored anywhere. Only the token (Device Account Number) is stored in the Secure Element.

 

[Mufasa804]

Actually, the cards are not stored anywhere. Only the token (Device Account Number) is stored in the Secure Element.

Case closed.

 

[gsmornot]

Do you avoid ATM's and paying with debit too? In both of those cases you need to use a pin number.

I feel so much better about paying with my phone than using or worse handing my card to someone. It sounds to me like you assume no thought was put into this idea.

 

[penajmz]

I use a very long password to unlock my phone.

 

[Armen]

A Few things:

- The Passcode security system is still in place so that you can still access your phone in an event the touch ID sensor fails.

- The best security for ApplePay is YOU. Just like YOU are your own wallet's security system.

 

[NoBoMac]

Add: if I recall my brief foray with Apple Pay the other day, one does not even have to unlock the phone. The credit card pops up on the lock screen, and you verify with touch-id.

So the theoretical thief will not even see a 4-digit PIN. Unless they are following you around all day and shoulder surfing.

(for the record: 12 character passcode, upper and lower case, special chars, digits)

 

[NT1440]

The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct?

Why would someone go through that effort when they can just get your 4 digit debit PIN?

 

[sounak100]

Applepay weakness

The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct?

I think entering Passbook and fingerprint should use a more secure and longer string and make that mandatory and not allow 4 digit pass for those two areas specifically.

People's 4 digit code is inherently weak placing more valuable info and permissions at risk.

Think about it. If the enclave is really as secure as it states, then the thief would have no worry about including their fingerprint cause the authorities can't get in their right? I mean fingerprint data is never passed along in a transaction.

Well I can see a scenario where a person has the latest iPhone but an older iPad lacking Touch ID. The person may have the same pin for both devices. Someone can take a peek at his pin when he is using his iPad.

 

[XboxMySocks]

Imagine if Pangu had a backdoor that was able to capture your keystrokes.

No. It doesn't.

 

[JoeTomasone]

The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct?

Well, if you are using TouchID, in theory you are very rarely entering your passcode. Apple states explicitly that TouchID is designed to:

1. Reduce the amount of times you have to enter the passcode
2. Encourage you to eliminate the delay before the passcode is required that many people enagaged because they hated entering passcodes
3. Encourage you to use longer passcodes

You'll notice that there is no delay that you can set before TouchID is active - it is always active as soon as the screen is turned off.

So a potential thief won't have many opportunities to figure out your pin code, even if you stick with a 4-digit code. Further, they wouldn't need to enter a fingerprint; the passcode can always be used to authorize a payment; after 5 invalid fingerprint scans it is required.

However, they also have to have your phone... Which, of course, you will be de-authorizing as soon as it is lost/stolen. You could either disable it in Find My iPhone or disable the card by calling the issuer the same as you would for a physical card. Further, Find My iPhone will target the criminal's location inside a store where it is likely that security cameras are capturing the attempted use of your phone for posterity.

But seriously, how many people are EVER held up for their credit cards? Cash, yes - but single credit cards are useless unless you intend to kill the victim before they can make the call to the issuer.

I think entering Passbook and fingerprint should use a more secure and longer string and make that mandatory and not allow 4 digit pass for those two areas specifically.

People's 4 digit code is inherently weak placing more valuable info and permissions at risk.

I can't really argue against this, but since there are protections in place (escalating lockouts and the option to secure wipe the phone on too many invalid passcode attempts), the risk is somewhat balanced against the potential for non-savvy users to forget their passcode. Savvy ones can always use long passcodes. I will say, however, that it would be nice if you got a dialog box explaining why you would want a longer passcode and offering to bring you to the right place in Settings to configure it.

Think about it. If the enclave is really as secure as it states, then the thief would have no worry about including their fingerprint cause the authorities can't get in their right? I mean fingerprint data is never passed along in a transaction.

Fingerprints themselves are never actually stored in the Secure Enclave. To simplify, the points of your fingerprint are described in terms of data points, which are what is stored. They cannot (to my knowledge) be reverse engineered into a graphical fingerprint. Call it a one-way hash function.

 

[Fzang]

Why would someone go through that effort when they can just get your 4 digit debit PIN?

In some stores they don't even need that. Just swipe and scribble on the receipt, and off you go!