Comment by JambalayaJimbo

3 days ago

What about Apple Wallet?

The reality is that there is software dependent on the user being unable to modify it. This safeguards the server against fraudulent users.

The one that's so incredibly broken that Apple and Visa keep blaming each other when they get a report that you can steal any amount by making yourself pass as a transit card? Cool security theater. https://hackernoon.com/veritasium-stole-$10000-from-mkbhds-l...

  • This just sounds like a bug. Haven’t delved too deep into it technically though.

    Anyway, a flawed implementation doesn't mean that hardware attestation is a fundamentally useless primitive. Apple Wallet is responsible for millions of transactions a day.

Never trust user input. The users already can't modify the server.

And what actual applications did you have in mind that warrant throwing everybody under the bus? (by that I mean some applications (allegedly) need it, so it gets forced on everyone)

  • My banking app already trusts Face ID right now!

    • And how is that necessary? It's a convenience feature, nothing more. You might as well trust your bank with your biometric data directly, and leave me and others out of it either way. Even IF there was a real need for a mobile device with which general computing is not possible, that would not justify killing it everywhere just so people who do need it can "just use their phone".

      That the laziest of us don't mind and the worst of us want something is not a respectable argument for anything, ever.