Apple's Apple Payment Feature
A decade ago, a group of Johns Hopkins University grad students tried to hack one of the first commercially popular Near Field Communication payment systems – the kind of technology at the heart of Apple’s new mobile payment system. It took a few thousand dollars in gear and a few months of work. But the system, ExxonMobil's Speedpass, was entirely hackable.
The key was reverse engineering the computer chip that broadcast the payment information for Speedpass. With hacking gear loaded into the back seat of an SUV, the students were able to spoof the Speedpass key fob.
“We could then just go out and buy things in your name,” recalled Matthew Green, now a research professor at Johns Hopkins who specializes in cryptography. “It was a fun project.”
That may sound like a cautionary tale about the security of Apple Pay, which the company announced to fanfare on Tuesday as an efficient, secure new way to pay for a wide range of goods. But in fact, experts are excited about Apple Pay, arguing that it may herald a new era in transaction security and help end the rash of data breaches that have hit major retailers in recent years.
Why?
For starters, there are crucial differences between a Speedpass key fob and the iPhone that will be at the heart of Apple Pay. A key fob is dumb; it can transmit information but can’t do much else. An iPhone is smart; it can transmit information but also ask its user questions, such as: Do you really want to buy $75 worth of gas? To complete the transaction, the owner of the iPhone will have to confirm payment by placing a finger on the iPhone’s fingerprint reader, which comes standard on the iPhone 5S, as well as the new iPhone 6 and iPhone 6 Plus.
This two-step process, experts say, could mark a major step forward in the security of billions of dollars of transactions every day, particularly in the United States, where antiquated credit card technology – long replaced in much of the world – is still the norm. This offers criminals mass hacking opportunities, as Target, Neiman Marcus, Home Depot and their customers have learned to their great dismay.
But more secure – even much more secure – is not the same as totally secure. Again, Apple offers a useful example. Security experts say iPhones are, in general, more secure than Android phones from viruses, hacks and government surveillance. But that superior security didn’t stop some sleazy, tenacious criminals from finding a way to steal intimate pictures from dozens of Hollywood celebrities and post them online.
The weak point in Apple’s photo security, several experts have concluded, was not the iPhones used for taking many of the pictures; instead it was Apple’s iCloud service, which is both newer and less secure than the iPhone itself.
So what is the weak point in Apple Pay? Again, the iPhone itself has a strong set of security systems. The same may not be true of your thumb. People leave fingerprints everywhere, especially on the glass surfaces of their smartphones. Could somebody steal your thumb print and verify a purchase on Apple Pay without the actual iPhone’s owner knowing?