Security issues considered on Apple's new phones, watch and payment system

Apple Watch
Apple Watch

Apple announced its two new iPhones: the iPhone 6 and the iPhone 6 Plus yesterday. But, what caused a larger stir was the announcement of the highly-anticipated smartwatch, dubbed the Apple Watch. The three models, Watch, Watch Sport, and Watch Edition feature a new operating system built specifically for the watch. The watches use iOS integration in addition to many activity tracking features including heart rate, motion, and, along with iPhone, it can track user GPS.

Apple also announced a new NFC payment system, Apple Pay. After adding credit card information, users can pay for items at stores by touching their phone or Apple Watch to a reader, while their identity is confirmed through the Touch ID sensor. The phone creates a device-specific card number for each sale. Apple already has a vast number of retailers lined up to adopt the technology, available only in the US for the time being.

“The onus is on retailers to drive mobile payment adoption,” Josh Beck, a research analyst with Pacific Crest Securities, commented in the New York Times. “Brick and mortar sales are challenged. If Apple and others can pitch a real value proposition for merchants, then you could see the retailers push mobile payments in their stores.”

Addressing the obvious security concerns during the announcement event, Apple's chief executive, Timothy D. Cook, contrasted the new technology against the old (as used by US credit cards): “We're totally reliant on the exposed numbers and the outdated and vulnerable mag stripe, which all of us know aren't so secure.”

Echoing this sentiment, Tom Pageler, the chief information security officer at DocuSign, observed that Apple's new payment system seems to be more secure than the current system and that the NFC technology will be able to help payment companies identify unusual purchases. For example, using smartphone data such as GPS tracking, it will be easier to identify a purchase made outside a customer's usual location.

While iOS 8 is adding several new features for developers, it's doing this by opening up more of the underlying architecture – increasing the risk of a security breach and eroding one of the key differentiators between iOS and Android.

Even with “the best will in the world, companies such as Apple and Google cannot account for every potential combination of technology exploit and human engineering that could leave users wide open,” Andersen Cheng, CEO of SRD Wireless commented in an email to SCmagazineUK.com. “Consumers need to take extra care to keep their private information just that,” he went on, advising that users should seek communication that guarantees levels of encryption and authentication over and above that of the OS, ensuring that potential attackers have more obstacles in their way. Cheng pointed out that now more than ever users “must keep close control over what they do on their phones, and pay attention to just how and what they record and share.” 

However, at least in the UK, there does seem to be increasing awareness of the need for security and usability, above that of a brand name, according to a recent survey conducted by Atomik Research and commissioned by Intercede. The survey revealed that almost a third of UK consumers prioritised security over brand, while only one in five considered brand to be an important factor in purchasing a mobile device.

Though Apple might be in the global spotlight this week, the survey demonstrates that for the majority of UK customers, the brand name is “far from a priority when selecting a new device as security, functionality and ease of use take precedence.”

“Consumers are becoming very aware of the need to protect the data and digital assets stored on their handsets and now rank this feature as more important than buying the latest device from their favoured manufacturer,” Richard Parris, CEO, Intercede, wrote to SCmagazineUK.com.  Noting the recent number of high-profile security breaches, putting cyber security in the spotlight, he adds that as such awareness grows “we can expect even more people to select devices based on the security measures they offer rather than the name on the box.”