Bitcoin iOS Vulnerability Spoofs Apple Pay, Bitcoin the Better Option?
Jp Buntinx · @http://twitter.com/jdebunt | Jun 05, 2015 | 21:40
The Rundown
Many Bitcoin enthusiasts around the world are keeping a close eye on the developments being made in the mobile payments industry. Cashless transactions are on the rise in several countries around the world, and the shifting paradigm leaves the door open for alternative payment methods to gain a foothold. While Apple Pay may seem to be a strong contender, a recent security vulnerability may have you think twice about using it. And that gives Bitcoin an even bigger opportunity to make a worldwide impact.
Also read: ProudSource Puts New Spin on Bitcoin Peer-to-peer Lending
Cashless Transactions Lead to Increase in Card Payments
Credit cards are a convenient way to pay for goods and services, both in the offline and online space. It does not require cash to transfer hands, your financial information is protected by the bank issuing the credit card, and payments are completed in a few seconds. And with cashless transactions on the rise around the world, card payments are becoming increasingly popular for consumers.
As technology evolves at an accelerated pace, several companies are looking at ways to let consumers make card payments without physically using their credit card. Most everyday consumers have a smartphone at their disposal, and it would be even more convenient to make a credit card payment from your phone, without having to show the actual card. In theory, this sounds like a very secure platform, as you are not sharing financial information with anyone.
Users would simply need to use an application – Google Wallet, Apple Pay or any of the other mobile apps in existence – and link their card details to their account. Participating retailers can then accept your mobile payments, which are deducted from your linked credit card. No need to swipe your card, put down a signature or worry that someone might steal your credit card information.
Unfortunately, that is not how this system works. By linking credit card information to a mobile application such as Apple Pay, consumers are putting their financial information at risk. In fact, the risk is even bigger than completing a regular card transaction, as most everyday consumers are less worried about security on their mobile phone. By using the card in person, people automatically shield their card details from others waiting in line and monitor the transaction process with their own eyes.
iOS Vulnerability Spoofs Apple Pay to Steal Credit Card Information
That being said, major companies such as Apple and Google are working on making their mobile payment options more secure. Researchers at Wandera, a mobile security company, recently discovered Apple’s iOS has a severe security vulnerability. Malicious individuals could use this vulnerability to create a fake “captive portal” imitating the Apple Pay interface. As a result, credit card details and personal information would be used for nefarious intentions.
In order to make this iOS vulnerability effective, it only requires the mobile user to have Wifi turned on. It goes without saying this will be the case for nearly anyone who is frequenting places accepting Apple Pay, and offering free WiFi connectivity. A little-known fact is that most operating systems will always look to connect to access points with a certain name (or SSID.) A malicious individual spoofing that SSID could redirect unsuspecting users to a web page collecting your information.
Wandera CEO Eldar Tuvey told the media:
“In high footfall locations, even a very small ratio of success will yield a large number of valuable credit card numbers. It’s all so easy for them. Using readily available technology, which they may be discreetly carrying about their person, hackers can for the first time focus their efforts where their victims are at their most susceptible—at the checkout.”
Opportunity for Bitcoin To Shine
The iOS security vulnerability is a serious matter, which will hopefully be fixed soon. However, this goes to show you that using credit cards – linked to a mobile application – are not the most secure way of payment. In fact, most Bitcoin enthusiasts strongly feel that credit cards were never intended for mass purchases in the online world, let alone be used as a mobile payment option.
Bitcoin, on the other hand, has always been an alternative payment method working on any device, in any country, without relying on a centralized service such as Apple Pay. Not only does Bitcoin offer many advantages for the merchants – lower fees, conversion to fiat currency within one business day,…- but it’s also beneficial to consumers in terms of ease-of-use.
Paying with Bitcoin can be done through either a laptop, desktop or mobile device. Sending money can be done by either entering an address manually or scanning a QR code, similar to how solutions like Apple Pay would work. The only difference is that, with Bitcoin, there are no web forms to enter credit card details or personal information (in most cases.)
What do you think about the Apple vulnerability? Comment below!
Source: Ars Technica
Images courtesy of Apple Pay, Wandera, and Shutterstock
