十年之前，一群約翰•霍普金斯大學的研究生就已經在嘗試攻擊在商業領域處于比較流行的近距離無線通訊技術（NFC）為基礎的支付系統——這項技術就是蘋果最新的移動支付系統的核心所在。這群研究生花費了幾千美元制作了一個小裝置，并經過幾個月的努力，最終使埃克森美孚公司的電子收費系統，被攻擊得體無完膚。
這次攻擊之所以能夠成功的關鍵之處在于使用了逆向工程（又稱逆向技術，是一種產品設計技術再現過程，即對一項目標產品進行逆向分析及研究，從而演繹并得出該產品的處理流程、組織結構、功能特性及技術規格等設計要素，以制作出功能相近，但又不完全一樣的產品。），使得計算機芯片中關于電子收費系統的支付信息流出。通過可以放置在越野車后座上的這種裝置，這群研究生可以不費吹灰之力地惡搞?？松梨诠镜碾娮又Ц睹荑€卡。
“我們可以出去用你們的名義買各種東西。”現任約翰•霍普金斯大學專門從事密碼學的研究教授Matthew Green回想起當初的經歷，“那真是個非常有趣的實驗。”
對于蘋果支付技術的安全性而言，這聽起來就像一個警示。在星期二的蘋果發布會上，蘋果公司宣稱，全新、高效而又安全的支付手段——Apple支付可以購買絕大部分商品。專家們對于這項技術激動地贊不絕口，談論著這項技術是將安全交易帶入了一個新的時代，并可以終結數據泄漏，這“老大難”的問題，讓最近幾年遭受打擊的絕大部分零售商看到了一絲曙光。
那其中的原因是什么呢？
首先，決定性的差距就在電子收費密鑰卡與蘋果支付的依托工具-----iPhone之間。密鑰卡是不會說話的，它除了傳遞著信息之外，沒有絲毫其他的用處，但是一臺iPhone是非常智能的。它不僅僅能傳遞信息還能夠對使用者的行為進行再一次確認，比如:你真的打算買價值75美元的汽油嗎？ iPhone的主人還要通過將手指放在Home鍵上完成指紋認證，才能完成本次交易。這項指紋識別技術從5S上就已經開始使用了，在最新的iPhone6和iPhone6 Plus上也同樣適用。
專家們認為，這兩步走的程序，為涉及巨額資金的交易提供了足夠的安全保障，因此，這項技術是交易領域長足的進步。尤其對于美國而言，過時的信用卡技術在世界上正在逐漸被取代，這是個漫長的過程，所以，信用卡技術依舊還是目前常見的、規范性的交易手段。這給犯罪分子提供了大量可以用計算機進行黑客攻擊的機會，作為已被黑客攻擊過的倒霉鬼，尼曼，家得寶等大牌公司還有他們的消費者們都深受其害。
但是，更安全，甚至是更加更加安全都不能等同于絕對安全。蘋果最近就再一次成為了“反面教材”。雖然安全學專家聲稱，從病毒、黑客攻擊、政府管制等各個角度來說，蘋果系統大體上是比安卓系統安全性更強的。但超強的安全系統依舊沒能擋住一些庸俗而又頑強的犯罪分子，他們找到了某種方法竊取了十多位好萊塢明星的私密照并將其放到了網站上。（這就是最近鬧得沸沸揚揚的“好萊塢艷照門事件”。）
對于蘋果照片安全性不足的弱點，各位專家已經得出結論，問題不在于iPhone本身拍攝照片的原因，而是因為蘋果云服務，它比蘋果機子年輕許多，因而更比機子本身缺少了一些安全性。
那么，Apple支付的軟肋又在哪里？蘋果機子本身擁有一套行之有效的安全系統裝置。但你的指紋是可以造假的。人們總會不經意間在四處留下自己的指紋，尤其在他們智能手機的玻璃表面。有人能夠偷取你的指紋，并在你毫不知情的情況下，使用你的手機驗證并購買商品嗎？（我們不得而知。）(更多全球資訊請關注中國進出口網)

A decade ago, a group of Johns Hopkins University grad students tried to hack one of the first commercially popular Near Field Communication payment systems – the kind of technology at the heart of Apple’s new mobile payment system. It took a few thousand dollars in gear and a few months of work. But the system, ExxonMobil's Speedpass, was entirely hackable.



The key was reverse engineering the computer chip that broadcast the payment information for Speedpass. With hacking gear loaded into the back seat of an SUV, the students were able to spoof the Speedpass key fob.

“We could then just go out and buy things in your name,” recalled Matthew Green, now a research professor at Johns Hopkins’ who specializes in cryptography. “It was a fun project.”
That may sound like a cautionary tale about the security of Apple Pay, which the company announced to fanfare on Tuesday as an efficient, secure new way to pay for a wide range of goods. But in fact, experts are excited about Apple Pay, arguing that it may herald a new era in transaction security and help end the rash of data breaches that have hit major retailers in recent years.
Why?
For starters, there are crucial differences between a Speedpass key fob and the iPhone that will be at the heart of Apple Pay. A key fob is dumb; it can transmit information but can’t do much else. An iPhone is smart; it can transmit information but also ask its user questions, such as: Do you really want to buy $75 worth of gas? To complete the transaction, the owner of the iPhone will have to confirm payment by placing a finger on the iPhone’s fingerprint reader, which comes standard on the iPhone 5S, as well the new iPhone 6 and iPhone 6 Plus.
This two-step process, experts say, could mark a major step forward in security of billions of dollars of transactions every day, particularly in the United States wher antiquated credit card technology – long replaced in much of the world – is still the norm. This offers criminals mass hacking opportunities, as Target, Neiman Marcus, Home Depot and their customers have learned to their great dismay.
But more secure – even much more secure – is not the same as totally secure. Again, Apple offers a useful example. Security experts say iPhones are, in general, more secure than Android phones from viruses, hacks and government surveillance. But that superior security didn’t stop some sleazy, tenacious criminals from finding a way to steal intimate pictures from dozens of Hollywood celebrities and post them online.
The weak point in Apple’s photo security, several experts have concluded, was not the iPhones used for taking many of the pictures; instead it was Apple’s iCloud service, which is both newer and, less secure than the iPhone itself.
So what is the weak point in Apple Pay? Again, the iPhone itself has a strong set of security systems. The same may not be true of your thumb. People leave fingerprints everywher, especially on the glass surfaces of their smartphones. Could somebody steal your thumb print and verify a purchase on Apple Pay without the actual iPhone’s owner knowing?
(更多全球資訊請關注中國進出口網)