Will nude pics be the undoing of Apple’s iWallet?
Apple must be livid about the timing of the latest media feeding frenzy involving a clutch (101 to be precise) of celebrities and their, shall we say, photographic indiscretions. After the photographs were taken, they were uploaded to the cloud for backup, most notably the Apple iCloud (all celebrities apparently use iPhones - perhaps it’s in their product placement contracts or something). So far so good. Then some sneaky hackers target them, crack the iCloud security, steal the photographs, release said photographs into the wild and announce their score on the 4chan network. Bad Apple! Lousy security in your cloud! How could you let this happen?
I said that Apple must be livid with the timing because even though I do not believe that iCloud was just hacked like that, having this happen just a week away from their release of an expected iWallet is not the kind of security-breach media attention that the company would relish. There have been some company statements put out by Apple and while some of my counterparts in the industry point out that Apple is a new company under the guidance of Tim Cook - I don’t think that Apple has changed that much when it comes to releasing unnecessary tit-bits to the media. Which, I think, shows just how shook up they are about the timing and potential fallout. Even if Apple were blameless, the high-profile incident erodes the perception that iCloud is a secure service and could create doubts about Apple's ability to protect other sensitive information, such as users’ payment information.
Apple is expected to launch a mobile wallet (of some kind) next week when it unveils its next iPhone, and has reportedly partnered with Visa, MasterCard and American Express as part of this effort. Last year, Apple put a stake in the ground for a mobile wallet through the launch of the iCloud keychain, which stores users' credit card information for online shopping. David Heun, writing in PaymentsSource, quoted Richard Crone, chief executive of San Carlos, Calif.-based payments consulting firm Crone Consulting LLC, who said when asked about the breach, “Apple has to provide the utmost of security and strong authentication to really assure the consuming public that their personal information and payment credentials are safe.” I think we all agree with that.
On its website, Apple has published a reply in response to the security breach: “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions… None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.”
“They have the ability to do multi-factor authentication that ties the device to the consumer, their user name and password to that device, with biometrics capability for simplifying the process as well. A hacker getting through the front door of iCloud to steal photos is far different than the ‘Fort Knox’ that Apple has in securing and protecting payment credentials,” Crone added in the PaymentsSource piece. “And Apple has already demonstrated its ability to protect payment data through the 800 million iTunes accounts it manages. No bank has that many payment credentials stored,” he added.
David Linthicum of InfoWorld agrees that the breach is unlikely to have come from a brute force attack upon the cloud system itself. He writes, “Let's get this straight: All clouds and all traditional systems are vulnerable to attack. There's always some way to get in, even if it's scamming somebody to give up their user ID and password (the good, old-fashioned phishing method that was the actual cause of the iCloud breach), guessing passwords, or pushing your way in. There are many very effective security measures to lower the risks, but there is always a risk. Get over it. For the most part, clouds are not part of the problem. Only a small percentage of systems and data exists on cloud-based platforms, and enterprises have taken care to lock them up pretty tight. Indeed, if there are any breaches, they seem to be associated with more traditional on-premises systems, such as the Target breach earlier this year and the Sony breach a few years ago. Of course, they are often portrayed as cloud issues, but they are clearly not clouds.
“In the case of the iCloud breach, Apple can take steps to ensure this type of event is unlikely to occur in the future, such as tightening its second-factor authentication to make phishing less effective. (In fact, Apple plans to do just that.) However, when people are involved, there is always the element of human error. That's what phishing actually targets, and there's no technology cure for that ailment.”
Whatever the intricacies of the breach were, the importance of data security is rising on the list of concerns from users of mobile or online transactional platforms. The wrong brand image can be extremely detrimental when pushing a new product. Mobile wallets can be an especially tough sell and brand image is a key element in winning users’ trust.
The group behind the Isis mobile wallet learned this lesson, and committed to rebrand their product to eliminate any possible association with the ISIS militant group. They made their announcement last week and revealed to the world that they are no longer Isis but… Softcard. Softcard! Seriously? Knowing how important this was, with a fairly disappointing take-up of the wallet (not in the eyes of the telco partners, obviously), a piece of real bad luck with brand name association, the wallet platform decides to not only change the entire look and feel of the brand but rename it to something that sounds as though it could be found in a geek’s lunch box. Was this a re-brand or a complete re-launch of the wallet? More importantly, will it matter? I don’t want to kick ‘Softcard’ while they are down but something drastic has to happen to turn this around and I don’t think this re-brand/re-launch is it.
Perhaps it’s because technology just keeps rolling on in the mobile payment sphere. Case in point - the new PayByAss technology, as can be seen in the video below. Why use fingerprint, iris scans or PIN numbers when all you have to do is drop your trousers and sit on a scanner? Don’t know what I’m talking about? Then take a look at the video here. It is well put together and dare I say it? Priceless? Also, if you work for some of the big names in payment, can you spot YOUR CEO in the video?
Next week we will be talking iWallet, or lack of it. Or NFC, or BLE or something else entirely with a small ‘i’ placed in front of it. Either way it is probably going to be about Apple. Again…
Until next week,
Steve Atkins
Contactless Intelligence