Today's event offered Apple fans a lot to get excited about: a new kind of watch, a huge iPhone and a new way to pay for things, for a start. But there was one topic where the company stayed almost completely silent. Just a week after attackers penetrated iCloud, stealing private photos from the service’s most famous users, Apple made no reference to new security features, or plans to lock down its massive infrastructure.
On some level, this isn't surprising. The iPhone 6 was the star of the show, a show Apple has been planning for years, so it's understandable if Tim Cook didn't want to spoil the new iPhone's debut with references to this month's bad PR. Cook addressed the hack directly last week, promising expanded two-factor protections and new notifications. Isn’t that enough? But as the company rolls out ambitious plans for both health data and credit cards, it runs up against a serious question: can we trust Apple to keep that data safe? Unfortunately for Apple, it’s a question that’s getting harder and harder to answer.
WE LOST YOUR PHOTOS. Now give us your credit cards. #AppleLive — Jake Beckman (@jakebeckman) September 9, 2014
On some level, Apple Pay has a lot going for it. From a strict security perspective, it’s set up to be much more secure than a conventional credit card. It keeps credit card data as locked down as possible, relying instead on one-time payment numbers and dynamic security codes. The sensitive data is stored in a "Secure Element" enclosure that credit card companies have been promoting and testing for some time now. Thanks to Touch ID, the system even has fingerprint-based authentication on its side. But its most important security feature is actually a strange admission of failure: Apple Pay appears to work completely separately from iCloud. HealthKit has the same feature, warning developers upfront not to store any sensitive health data on iCloud. It leaves Apple users in a strange place, rushing into a new infrastructure while increasingly uncertain about the security of the old one.
In the case of iCloud, the warning signs go back years. In 2012, trolls gained access to the writer Mat Honan's iCloud account with just his billing address and the last four digits of his credit card. Because of Apple's seamless connections, that meant they were able to erase all the data on his iPhone and iPad, wiping out years of family photos. In response, Apple tightened its security a little, closing some of the customer service loopholes, but the core problem of account-hijacking remained open enough for attackers to exploit two years later.
Today's rollout of iOS 8 offered the most serious solution yet, extending two-factor authentication across iCloud. For users who opt in, it would mean a simple password would no longer be enough to access the account; you would also need an ephemeral four-digit authentication code. It’s a much stronger approach, but as PayPal can tell you, two-factor is far from ironclad, and the desire for a pain-free, seamless integration often works against tight security. Apple's painful experience with the Goto Fail bug involved raw data instead of accounts, but it made the company seem less than adept when it comes to locking down your private info.
With Apple Pay, Apple will be tackling a whole new set of problems, and it’s easy to be concerned that the payments project will succumb to the same neglect as iCloud. To be clear, the problem isn't that Apple is particularly bad at security. The entire industry is bad at security, for mostly the same reasons: a complex and changing infrastructure, with little continuity and little incentive for rigorous audits. Apple isn't any worse at bug-hunting than its competitors. It's just farther ahead on everything else. Apple Pay puts more data at risk and offers more ways to get at it. That's a dangerous combination if security isn't keeping pace.
Maybe I'm wrong. Maybe the latest iCloud problems really were a wakeup call, as Cook has suggested, and the company is reviewing its protocols behind the scenes. Maybe we're headed towards a new age of network security, like the shift Microsoft pulled off in the late 90s. The company certainly has the resources to make that kind of course correction if it wants to. I hope it happens. But on the heels of Apple’s biggest announcement in years, I'm more worried than ever.