IOS 9 security flaw

Discussion in 'iOS 9' started by ShadowJade, Sep 17, 2015.

  1. ShadowJade macrumors newbie

    Joined:
    Jul 12, 2014
    #1
    Moments after DLing IOS 9 yesterday, I noticed and reported what I believe to be a serious security flaw. While locked, a double tap of thehome button now activates Apple Pay, (I will sadly miss music controls). While using the credit cards still requires your fingerprint, the rest of your passbook, (err Wallet), cards are right there ready to use QR codes and all. My preloaded Dunkin Perks card, my upcoming concert tickets...
    Also sad for my son to losehis ability to listen to an audiobook and follow along with the digital book on the same device...this is no longer possible with audiobooks moved into the iBooks app
     
  2. CosmoPilot macrumors 65816

    CosmoPilot

    Joined:
    Nov 8, 2010
    Location:
    South Carolina
    #2
    Settings > Wallet & Apple Pay

    Turn double tap off!

    Security flaw fixed!
     
  3. sinsin07 macrumors 68030

    Joined:
    Mar 28, 2009
    #3
    And when you did that for the first time you also got a notice that you can turn this off in settings.
    Don't tell just half the story.
     
  4. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #4
    Doesn't double tap log you in? If you get a fingerprint not registered to your 6 does the same thing happen?
     
  5. ShadowJade thread starter macrumors newbie

    Joined:
    Jul 12, 2014
  6. ShadowJade thread starter macrumors newbie

    Joined:
    Jul 12, 2014
    #6
    Yes it does. Not sure why this exists anyway...you don't need the phone "ready" for Apple Pay...simply holding it near the NFC device brings up the fingerprint screen.
     
  7. Smith288 macrumors 6502a

    Smith288

    Joined:
    Feb 26, 2008
    #7
    No. Laying your finger unlocks. Double tap doesnt do anything unless you mean double clicking which is a different action. Double clicking with apple pay double click off just reads your finger print and unlocks.
     
  8. Smith288 macrumors 6502a

    Smith288

    Joined:
    Feb 26, 2008
    #8
    I like it. It's a lot less goofy looking randomly waving your phone around a payment terminal and then the cashier awkwardly goes "yeah, we dont have apple pay". Dont act like you havent been in this scenario about 50 times already.
     
  9. ShadowJade thread starter macrumors newbie

    Joined:
    Jul 12, 2014
    #9
    So back to the problem...if I want double tap on for Apple Pay I need to expose my Passbook cards/boarding passes/concert tickets? That seems half-baked to me.
     
  10. geoffm33 macrumors 6502

    geoffm33

    Joined:
    Dec 27, 2010
    #10
    If you can turn off a feature that exposes a security flaw for rewards cards and payment cards (non-apple pay cards like Starbucks, etc) then it's still a security flaw.
     
  11. CTHarrryH macrumors 65816

    Joined:
    Jul 4, 2012
    #11
    Find the answer on the other exact thread you opened
     
  12. ShadowJade thread starter macrumors newbie

    Joined:
    Jul 12, 2014
    #12
    Sorry it posted twice on my iPhone due to network I was on. It is still a flaw if wanting to leave Apple Pay on exposes the other cards without needing a fingerprint or password.
     
  13. CosmoPilot macrumors 65816

    CosmoPilot

    Joined:
    Nov 8, 2010
    Location:
    South Carolina
    #13
    The double tap allows for changing which card you want to use. I really like this feature.
     
  14. gsmornot macrumors 68030

    gsmornot

    Joined:
    Sep 29, 2014
    #14
    Its an option you can have on or off. The point is to give you access to your rewards cards along with Apple Pay in a simple to use format. Its something that can be turned off. If it makes you nervous also consider turning off other ways to get you. Siri from the lockscreen because someone could ask for directions home, control center because a person taking your phone could activate airplane mode before you have a chance to use Find My iPhone, Notification Center because people will see your meetings and text messages, Lock Screen previews of messages and alerts. The point is, it gives you the ability to access something faster but is not a flaw because its a known feature and is able to be deactivated along with the other items listed here.
     
  15. CosmoPilot macrumors 65816

    CosmoPilot

    Joined:
    Nov 8, 2010
    Location:
    South Carolina
    #15
    It is not a security flaw!

    The double tap only brings up your cards (no useful info is displayed). You still have to use a registered fingerprint to get anywhere with it.

    If you don't believe me, ask a trusted friend to take your iPhone and learn anything of value by double tapping the home button. Might as way have him or her try to purchase something too. As you will see they cannot. But like I said if it bothers you just turn that feature off.

    The feature is designed to allow you to switch payment methods quickly without digging deep into the wallet app first.
     
  16. CosmoPilot macrumors 65816

    CosmoPilot

    Joined:
    Nov 8, 2010
    Location:
    South Carolina
    #16
    You do not need to double tap to use apple pay. You only need to hold your iPhone next to a pay terminal. The double tap exists so you can swap from your default card to another payment method quickly.
     
  17. sinsin07 macrumors 68030

    Joined:
    Mar 28, 2009
    #17
    The quoted statement didn't allude to whether it was a "security flaw" or not.
    It just added detail that was left out in the OP's original comment.
     
  18. protobiont macrumors 6502a

    Joined:
    Jul 6, 2010
    #18
    If someone steals your phone, they're going to try to wipe and sell it, not get free donuts, go see a concert, and then try to board a plane...
     
  19. garlicbread24 macrumors member

    garlicbread24

    Joined:
    Apr 29, 2015
    #19
    the OP is saying it also gives you access to other wallet things outside of debit/credit cards like the starbucks "card". those do not need your fingerprint in this case
     
  20. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #20
    Convenience over additional security... you get to choose which one you personally want more.
     
  21. jmantn macrumors 6502

    Joined:
    Mar 13, 2012
    Location:
    Tn
    #21
    Exactly OP has A CHOICE. No one is making you leave this on.

    Just like having a six digit passcode versus alphanumeric. No one makes u leave it at six digits just like no one makes you leave control center enabled on home screen or have Siri active while phone is locked. Oh and same thing for emergency ID being available on via lock screen.

    I also got a notification stating I could turn off the double tap to access wallet when I first used it.

    Honestly this is why it takes so long to get more advanced features because it's always a small group that complains and is the most vocal when the majority is screaming for more things like this.
     
  22. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #22
    What C DM said.

    Control Center on lock screen is another convenience vs security thing on the iPhone. By having on lock screen, does have easy access to basic controls, but if phone is "lost", the person that has the phone can easily put into airplane mode, making it dead to "Find my Phone", remote wipe.
     
  23. JT2002TJ macrumors 6502a

    Joined:
    Nov 7, 2013
    #23
    I like it... makes starbucks faster and easier. Now if the same double tap would bring up my starbucks card on my watch, I would be even happier. I think it was a nice addition.
     
  24. CosmoPilot macrumors 65816

    CosmoPilot

    Joined:
    Nov 8, 2010
    Location:
    South Carolina
    #24
    So we're not worried about the credit cards then...a Starbucks card???

    Okay. I guess!

    If my phone gets stolen, I'm worried about more than someone getting a latte with my info.

    Thus Apple has provided Find My iPhone. So in the event someone has access to my phone other than me I can still locknut down. I only need to find someone with an Apple device...hopefully one of those this of people are around.

    Seriously, the #1 thing when a phone is stolen is to ensure criminals cannot get into your device and get sensitive information. With TouchID, I use a complex alpha-numeric passcode (only need it once because fingerprint is used after initial log in). Having access to random NON-Bank cards is not going to matter at all. In the mean time, you grab my iPhone and disable or lockout your phone with Find My iPhone app.

    Still 0 security flaw...as always disable double tap if your Starbucks Card is that important.
     
  25. crashoverride77 macrumors 65816

    Joined:
    Jan 27, 2014
    #25
    Well, not anymore, thank you iOS 7 and activation lock.
    People stealing iPhones these days are idiots, the same idiots that than try to sell them on eBay with a big disclaimer "PHONE IS ACTIVATION LOCKED" which is basically saying yeah, I stole or found this phone.
    Its hilarious.

    Back on topic, as other people have mentioned, you cannot do anything with the cards unless you use TouchID. So its not really a security flaw and as another user also said its the same as notification centre, siri etc. Don't like it, turn it off.
     

Share This Page