Thinking of security over Apple’s live stream bummer

September 9, 2014

What other company than Apple could make such a magnificent show out of a regular new product announcement? Today, they made their best effort to showcase the new iPhones, Apple Watch and the NFC-based payment system. Great! Or not so, at least for those who watched the live stream, like I did. Today was the first time when glitches, hiccups and network congestions made me feel aggravated about Apple, rather than astounded by the new iDevices. Seriously, Apple, you could ruin every other presentation except this one!

As I was struggling with the unavailability of Apple’s website, the weird live Chinese synchro translation, and a video stream going back and forth in time, I had enough time to sum up all the recent security issues around Apple ecosystem: Celebrity hack. Increasing amount of data stored in iCloud. Bad reputation of fingerprint identification. At the same time, there is no doubt that Apple is still a great company making great devices and services. Therefore, while making this overview I adopted a two-sided approach, starting with a highly skeptical headline, but trying to be fair afterwards. So here we go.

Apple Pay. Next time cybercriminals will not mess with celebrities’ pics, but their money.

Apple is trying to simplify the process of electronic payments (be it online or in-store via credit card). All you need is your iPhone. Or Apple Watch. No credit cards, no need to punch those numbers in online stores, remembering CVCs and expiration dates.

The only concern is that your iCloud account controls not only your private photos, app data, messages, but also your money. You lose your password – you lose everything and as the celebrity hack showed us, there isn’t even a need to hack Apple’s servers. Social engineering, phishing, trojans – all cybercriminal tools will now be targeted at people’s electronic wallets. Of course, Apple took a lot of security measures, it can be seen even from the not-so-technical keynote. But we are witnessing the fact that our electronic devices are becoming even more important parts of our life. The problem of protecting those devices should be taken very seriously.

Apple Watch. How dangerous is your heartbeat data?

A smart criminal can make use of every type of personal data that is available. The greatest example is spear-phishing – an attack that includes sending e-mail to potential victims with tailored content, based on the specifics of a company or a person. How dangerous could it be to leak not your credit card number, but your heartbeat statistics? Such data could certainly be useful for your competitor: simply to evaluate the level of confidence, for example.

So what should we do? Get rid of all tracking devices? Recently we explained that sticking with obsolete technology is not the best strategy. Yes, the industry of mobile devices is still in its early stages of development (see analysis here), but all one has to do is just think twice before storing or sharing some sensitive data. Leave your corporate documents in the encrypted vault on your PC or Mac, don’t share everything on your iPhone or other mobile device. And don’t panic. At least until “early 2015” we still have time to live without potential spies on our wrists.

Bigger isn’t always better

Introducing two king-size iPhones seems like a radical departure from Apple’s previous messages. Actually, this is not a problem at all: consumers have adopted big-screen mobile devices already and there is no indication that Apple’s choice is the wrong one. But lots and lots of applications will require upgrades. New screen resolutions, new version of iOS and new 64-bit architecture will eventually divide the current range of apps into “actual” and “obsolete”. Thanks to the fragmentation of Android platform, many developers have gotten used to this situation already, but some dedicated corporate apps could be at risk.

Judging by the Twitter feed, many people see today’s event as a mere evolution of Apple’s ecosystem. But it’s wrong to view it that way. Wider adoption of electronic payments, even more user data collected, processed, and shared via the cloud means a lot and makes the attack surface larger. That’s progress. I hope that Apple took all precautions against all that user data ending up in the wrong hands (and did better at security than at doing live streams). We know that hardware vendors cannot make our data 100% safe. They just make the tools that have to be used thoughtfully with all necessary precautions.

To end the blog post on the positive side: Apple’s new OS X Yosemite is way better in terms of compatibility with Windows-based corporate infrastructure. Not enough to conduct a special event, but good news for IT pros and users alike.