Phone and Apple Pay security

[Trogladite]

Not wanting to get involved with the current furore over security. But the security I feel currently with Apple Pay is being somewhat being lowered by all the talk on the news etc.

Will it be safe to continue I wonder, if the current issue goes pear shaped?

 

[C DM]

How is Apple Pay being affected by anything in the news?

 

[Trogladite]

It may not be affected directly, but if something said to be secure, eg. ios9 and an iPhone can be breached. What does that mean for the so called security in an iPhone.

It seems to me, if some unbreakable system can be broken, other related unbreakable systems will be broken sooner rather than later. I guess the banks will be watching this closely too.

It has taken a long time for trust to be built up. Trust is a fragile concept.

 

[C DM]

It may not be affected directly, but if something said to be secure, eg. ios9 and an iPhone can be breached. What does that mean for the so called security in an iPhone.

It seems to me, if some unbreakable system can be broken, other related unbreakable systems will be broken sooner rather than later. I guess the banks will be watching this closely too.

It has taken a long time for trust to be built up. Trust is a fragile concept.

Seems like the whole issue that's in the news is that it can't be broken so far and government is looking for another way in.

That said, pretty much most things end up being broken in into one way or another sooner or later, that's why newer and newer security measures are always being worked on. It's been reality throughout history basically and wouldn't really be anything all that surprising.

 

[Trogladite]

If if it happens, and we lose money, who will we sue. Lol. In truth I agree, but my mind keeps throwing up different angle. Whether they are do able or not.

 

[Chatter]

The Apple Pay security is different from the current FBI passcode fight. If tokenization is somehow hacked, then pretty much every xyz-pay system is screwed. Of course things will always evolve but generally speaking, you want to use Apple pay over your credit card swipe as much as possible.

 

[C DM]

If if it happens, and we lose money, who will we sue. Lol. In truth I agree, but my mind keeps throwing up different angle. Whether they are disable or not.

It would be no different than perhaps losing your credit card or some company's or the government's data being stolen. Nothing good certainly, but nothing catastrophic or unheard of really.

None of that is really at risk at this point from what's in the news, and other forms of credit card payment that have been around for longer have been at more risk for longer really.

 

[lagwagon]

It may not be affected directly, but if something said to be secure, eg. ios9 and an iPhone can be breached. What does that mean for the so called security in an iPhone.

It seems to me, if some unbreakable system can be broken, other related unbreakable systems will be broken sooner rather than later. I guess the banks will be watching this closely too.

It has taken a long time for trust to be built up. Trust is a fragile concept.

The Apple vs FBI case isn't even about encryption. The FBI wants a new version of iOS to be written just for them to bypass the security measures put in place on entering the Passcode. (Bypassing the 10 fail and wipe feature, bypassing the time delay after fail feature and having to physically tap it on the screen)

That version of iOS doesn't exist. It in itself isn't a security breach. The danger is that once created there is no guarantee it can be kept out of the hands of bad people (US government gets hacked and info leaked all the time.)

None of it, even in a scenario the FBI wins and gets the special iOS version created effects Apple Pay.

 

[kdarling]

Will it be safe to continue I wonder, if the current issue goes pear shaped?

As C DM pointed out, we use our credit cards outside of Apple Pay all the time. If they're compromised and we report it, we're covered by the bank with either method.

--
People have gone a bit overboard thinking that they suddenly need airtight security after so many years without.

Ironically, having extra security actually can work against the consumer in rare circumstances.

For example, when PINs were stolen from hacked EU terminals a few years ago. It took a long time before banks believed that customers had not given away the info on their own. Likewise, if someone used a fake finger to buy something with your phone, you could be hard pressed to prove it was not you that your phone's TouchId had authenticated.

--
The upshot is, in normal life there's no need to worry. If an exploit came along that allowed criminals to access a phone's info, it'd likely be noticed after a while, same as with other breaches, so you wouldn't be alone.

 

[Trogladite]

Thanks for your replies., all nicely reasoned. And follows my rational thoughts. My unrational thoughts still think that if apple are required to 'make' a cracked. iOS. Regardless of the real safety of the regular systems, the trust by the general public will begin to have doubts about the integrity of the infrastructure.

As I said before, trust is hard earned, and at best very fragile. Thanks again for the replies. I will probably not write more here, as it is difficult to stay out of the politics of the situation.