蘋果最新科技:Apple Payment 支付功能
A decade ago, a group of Johns Hopkins University grad students tried to hack one of the first commercially popular Near Field Communication payment systems – the kind of technology at the heart of Apple’s new mobile payment system. It took a few thousand dollars in gear and a few months of work. But the system, ExxonMobil's Speedpass, was entirely hackable.
十年之前,一羣約翰•霍普金斯大學的研究生就已經在嘗試攻擊在商業領域處於比較流行的近距離無線通訊技術(NFC)爲基礎的支付系統——這項技術就是蘋果最新的移動支付系統的核心所在。這羣研究生花費了幾千美元製作了一個小裝置,並經過幾個月的努力,最終使埃克森美孚公司的電子收費系統,被攻擊得體無完膚。
The key was reverse engineering the computer chip that broadcast the payment information for Speedpass. With hacking gear loaded into the back seat of an SUV, the students were able to spoof the Speedpass key fob.
這次攻擊之所以能夠成功的關鍵之處在於使用了逆向工程(又稱逆向技術,是一種產品設計技術再現過程,即對一項目標產品進行逆向分析及研究,從而演繹並得出該產品的處理流程、組織結構、功能特性及技術規格等設計要素,以製作出功能相近,但又不完全一樣的產品。),使得計算機芯片中關於電子收費系統的支付信息流出。通過可以放置在越野車後座上的這種裝置,這羣研究生可以不費吹灰之力地惡搞埃克森美孚公司的電子支付密鑰卡。“We could then just go out and buy things in your name,” recalled Matthew Green, now a research professor at Johns Hopkins’ who specializes in cryptography. “It was a fun project.”
“我們可以出去用你們的名義買各種東西。”現任約翰•霍普金斯大學專門從事密碼學的研究教授Matthew Green回想起當初的經歷,“那真是個非常有趣的實驗。”
That may sound like a cautionary tale about the security of Apple Pay, which the company announced to fanfare on Tuesday as an efficient, secure new way to pay for a wide range of goods. But in fact, experts are excited about Apple Pay, arguing that it may herald a new era in transaction security and help end the rash of data breaches that have hit major retailers in recent years.
對於蘋果支付技術的安全性而言,這聽起來就像一個警示。在星期二的蘋果發佈會上,蘋果公司宣稱,全新、高效而又安全的支付手段——Apple支付可以購買絕大部分商品。專家們對於這項技術激動地讚不絕口,談論着這項技術是將安全交易帶入了一個新的時代,並可以終結數據泄漏,這“老大難”的問題,讓最近幾年遭受打擊的絕大部分零售商看到了一絲曙光。Why?
那其中的原因是什麼呢?For starters, there are crucial differences between a Speedpass key fob and the iPhone that will be at the heart of Apple Pay. A key fob is dumb; it can transmit information but can’t do much else. An iPhone is smart; it can transmit information but also ask its user questions, such as: Do you really want to buy $75 worth of gas? To complete the transaction, the owner of the iPhone will have to confirm payment by placing a finger on the iPhone’s fingerprint reader, which comes standard on the iPhone 5S, as well the new iPhone 6 and iPhone 6 Plus.
首先,決定性的差距就在電子收費密鑰卡與蘋果支付的依託工具-----iPhone之間。密鑰卡是不會說話的,它除了傳遞着信息之外,沒有絲毫其他的用處,但是一臺iPhone是非常智能的。它不僅僅能傳遞信息還能夠對使用者的行爲進行再一次確認,比如:你真的打算買價值75美元的汽油嗎? iPhone的主人還要通過將手指放在Home鍵上完成指紋認證,才能完成本次交易。這項指紋識別技術從5S上就已經開始使用了,在最新的iPhone6和iPhone6 Plus上也同樣適用。This two-step process, experts say, could mark a major step forward in security of billions of dollars of transactions every day, particularly in the United States where antiquated credit card technology – long replaced in much of the world – is still the norm. This offers criminals mass hacking opportunities, as Target, Neiman Marcus, Home Depot and their customers have learned to their great dismay.
專家們認爲,這兩步走的程序,爲涉及鉅額資金的交易提供了足夠的安全保障,因此,這項技術是交易領域長足的進步。尤其對於美國而言,過時的信用卡技術在世界上正在逐漸被取代,這是個漫長的過程,所以,信用卡技術依舊還是目前常見的、規範性的交易手段。這給犯罪分子提供了大量可以用計算機進行黑客攻擊的機會,作爲已被黑客攻擊過的倒黴鬼,尼曼,家得寶等大牌公司還有他們的消費者們都深受其害。But more secure – even much more secure – is not the same as totally secure. Again, Apple offers a useful example. Security experts say iPhones are, in general, more secure than Android phones from viruses, hacks and government surveillance. But that superior security didn’t stop some sleazy, tenacious criminals from finding a way to steal intimate pictures from dozens of Hollywood celebrities and post them online.
但是,更安全,甚至是更加更加安全都不能等同於絕對安全。蘋果最近就再一次成爲了“反面教材”。雖然安全學專家聲稱,從病毒、黑客攻擊、政府管制等各個角度來說,蘋果系統大體上是比安卓系統安全性更強的。但超強的安全系統依舊沒能擋住一些庸俗而又頑強的犯罪分子,他們找到了某種方法竊取了十多位好萊塢明星的私密照並將其放到了網站上。(這就是最近鬧得沸沸揚揚的“好萊塢豔照門事件”。)The weak point in Apple’s photo security, several experts have concluded, was not the iPhones used for taking many of the pictures; instead it was Apple’s iCloud service, which is both newer and, less secure than the iPhone itself.
對於蘋果照片安全性不足的弱點,各位專家已經得出結論,問題不在於iPhone本身拍攝照片的原因,而是因爲蘋果雲服務,它比蘋果機子年輕許多,因而更比機子本身缺少了一些安全性。So what is the weak point in Apple Pay? Again, the iPhone itself has a strong set of security systems. The same may not be true of your thumb. People leave fingerprints everywhere, especially on the glass surfaces of their smartphones. Could somebody steal your thumb print and verify a purchase on Apple Pay without the actual iPhone’s owner knowing?
那麼,Apple支付的軟肋又在哪裏?蘋果機子本身擁有一套行之有效的安全系統裝置。但你的指紋是可以造假的。人們總會不經意間在四處留下自己的指紋,尤其在他們智能手機的玻璃表面。有人能夠偷取你的指紋,並在你毫不知情的情況下,使用你的手機驗證併購買商品嗎?(我們不得而知。)
