• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs


The Worm in the Apple, Part 2 - Smart Security in Apple's Latest Products iPhone 6, iPhone 6+, Apple Pay, and the Apple Watch

Last week, in true Apple fashion, Apple announced a plethora of exciting new products and features, both in hardware and software. Among the announced products are two new iPhones, a watch and a revolutionary new way to pay for things as you shop (Apple Pay). With all these shiny new toys announced, there is a lot of information to process, particularly when considering how some of these new products and features may work.

Apple Pay: How it works? Is it safe?

Apply Pay is only available on the new iPhone 6, 6 Plus and Apple Watch. Using an updated iOS8 version of Apple’s Passbook app, customers can pre-load their credit card or debit card information into their phone. Apple uses near-field communication (NFC), which is a form radio-frequency identification, as the method of transferring the data from your phone to the retailer. NFC itself is not a new technology. However, Apple does not store any of the financial information on their servers or the devices themselves. Instead, it uses a technology called “tokenization” to process payments. When the credit card information is added to Passbook, the app creates another account number known as the Device Account Number (DAN) associated with that card, which is in turn encrypted and stored on a Secure Element Chip in the phone and the watch.  Every time the user makes a purchase, there is a one-time token issued by the DAN to complete the transaction. In addition to the one-time issued token, users must place their finger on the TouchID fingerprint sensor when making a purchase. Since Apple does not keep the actual credit card information, it is not shared with the retailer, which protects your information in the case of retail POS breaches.

As with any new emerging technologies, there will always be vulnerabilities. Surely, once Apple Pay is released, hackers will be looking for those vulnerabilities. The technology seems fairly sound, but there will undoubtedly be phishing attempts and other malware issues that will try to get access to your information. The trick is to be smart about what you encounter.

Apple Pay: Best practices to stay safe

  1. Be wary of phishing attempts; Apple will never contact you asking you for your account login credentials or credit card information.
  2. If your phone gets lost or stolen, be sure to use Apple’s security features to wipe your information in order to make sure you are protected.

The New Apple Watch

The Apple watch is a brand new piece of technology announced by the company, and, contrary to its name, it does much more than just tell time. The watch is paired with your iPhone and enables you to respond to text messages, calls, emails and more. It also works as a health monitor by tracking information about your activity and measures your heart rate. Using GPS, WiFi and a built in accelerometer, it can tell where you’re going, if you’re running or walking there and can even tell if you are sitting or standing. In addition to these features, it also has access to the Apple Pay system.

Of course, there are always security concerns with a new device, and Apple seems to have covered their bases the best they can with a new piece of technology. The Apple watch has sensors on its back that are used to measure a myriad of things such as your heart rate and when the device is being worn. In order to use the Apple Pay feature with the watch, you must enter in a personal code once you put the watch on. When the device is removed, it becomes locked and the user must reenter their PIN in order to enable the device for payment authorizations.

In addition to the Apple Pay feature, the device is designed to track just about everything you do physically. That’s a lot of information to be collected by one device, so how does all of that personal information stay secure? Your health data on the Apple Watch relies on Apple’s new HealthKit app (to be released with iOS8), which resides on the iPhone. The app allows you to keep all of your data in one place on your phone and gives you the power to decide which apps can have access to the data. As long as you have your phone locked with a passcode or use TouchId, the data is securely encrypted on the phone.

How To Safely Trade In Your Old Phone

In addition to these awesome new product announcements, there is a shiny new iPhone to go along with them. As soon as the phone was announced, most carriers offered trade-in deals for your old phone. While a great incentive, there are a few things you should be aware of before you rush off to trade in the old for the new. Your old phone stores a lot of personal information on it. While handing it over to a legitimate business may seem like a safe idea, there’s no telling how many hands it passes through from the moment you trade it in to when the phone is factory refurbished.

Here are some things you’ll want to do before handing your old iOS device over:

  1. Back up all of your data to your computer. iPhones easily restore data when you upgrade to a new device.
  2. After backing up, remove all data from your old phone by doing a factory reset through iTunes on your computer.

That’s all there is to it. Following a simple and easy process can protect you and your data from falling into the wrong hands.

Once you purchase your new iPhone, here's 3 simple steps on how to secure it.

Now that you’re armed with knowledge about these remarkable new products, you can safely go out and buy that shiny new Apple you’ve had your eye on. 

This is part 2 in a 3 part Apple series. Check out part 1 to learn about how to be safe on your Mac! Part 3 addresses how to secure your iCloud account.