This is a terrible fucking idea.
.
.
.
.
.
Oh, OK, I suppose I can give it more time than that. Apple Pay is Apple's new thing to use your iDevice to pay for stuff without the hassle of things like cash or credit cards. So, it's like PayPal or Google Wallet, or a prepaid VISA card, or, well, you get the point.
Except!
It's revolutionary, because Apple.
I realize that I have a long history of hating all over Apple's stuff, so I'm going to try to be as objective as possible with this.
Security is Hard. Let's repeat for the slow kids in the class: Security is Hard. For anyone who's been paying attention to this topic for a while, there's been a recent rash of well known brands getting knocked over. All those links in the last sentence? Different incidents. And that is by no means an exhaustive list.
Even companies that are good at security have a hard time with it. Apple on the other hand, has a terrible history with doing things in a secure fashion. Remember GoTo Fail? All those iPad accounts getting cracked? The Fappening? All that stuff is recent. And analysis of stuff like the GoTo Fail bug shows that this is the kind of error that will be caught by common, standard tools when you're writing code. Which implies that Apple is writing their stuff without any safety measures, code review, or standards.
So, do you think it is a good idea to trust your money with a company that has a history of doing security poorly, when the evidence indicates that there are many more exploits coming in the future?
If you still think Apple's stuff is secure, go review the results of the Pwn2Own contest in the link above. Apple's devices and software gets knocked over as an afterthought once someone provides a financial incentive.
Kids, don't put your money in Apple Pay right away.
No comments:
Post a Comment