Did Apple just boost mobile security?

I have been working on mobile security for many years, and things haven’t moved much: justifying mobile security is always painful. Why should I spend more money? There aren’t that many attacks! Some business use cases seemed like a good justification, but the economics are unclear and remain in the order of “if you get hacked, it could cost you a lot of money”.

With iPay, Apple just proved to many people that mobile security can have favorable economics. By embedding a biometric sensor and putting their critical credentials on an embedded secure element, they have been able to negotiate lower transaction fees on their payments and save millions in the future. Mobile security brings millions instead of just boring geek stuff? Now, that’s innovation.

Of course, the security of the iPhone 6 must live up to these high expectations. As much as the latest announcements bring a boost to mobile security, the announcement of a hack allowing a guy to steal a phone and use it “illegally” has the power to bring us back to the dark ages.


The Off-Card Bytecode Verifier is fine, thank you!

REWRITTEN on 23 Nov. 2013. A few weeks ago, a friend sent me a link to the Cardis program, with the message “A bug in the verifier?”. Looking at the program, I saw a paper entitled Manipulating frame information with an Underflow attack undetected by the Off-Card Verifier, by Thales Communications and Security. This sounded […]


Twitter going feudal on security

I have recently experienced security issues with Twitter, as my account was in some way hacked. And I am not happy with the way Twitter handles this situation. First, here are the facts that I know: Two weeks ago, I got an e-mail from a colleague warning me that he just received a spam Direct […]


Experimenting NFC, things

Following my little NFC rants, I have kept on experimenting with Android NFC applications and reading about the Internet of Things (experimenting remains harder, here). The combination is trendy these days, as this week will see the launch of a new initiative in France with the French chapter of ACM SIGOPS (in French). I won’t […]


NFC Tags to Empower Users in The Internet of Everything Else

Here is a continuation to my ramblings about the solely private use of NFC tags. I have already mentioned that there would be many benefits in considering some tags as public goods, and now, I will focus on tags to be associated to things, as owned by companies or individuals. I have pompously called this […]


NFC tags as Public Goods

I have now seen a number of NFC applications, and they all have something in common: they consider their tags as a private and exclusive property. They believe that they will be the only application using this tag. That may be true in some cases, where tags are deployed inside the premises of a company […]


POPWings again, after MWC

I now have two POPWings cards, as I made a new one with my professional contact information on Gemalto’s MWC booth yesterday. I also have had the ability to “pop” one or two persons, giving me a better experience of the application. So, I owe an apology to POPWings here. When I first tried their […]


POPWings is a cool business card, but where is the platform?

UPDATED March 1st, 2013: See follow-up article. I have been quite happy to hear a few weeks ago that Gemalto finally decided to consider NFC as more than secure services, by launching their POPWings service. I immediately ordered one of their business cards, excited to get a new NFC service. So, I got a card […]


RFID in schools, or Security vs. Transparency

I recently became enthusiastic about how wonderful transparent security would be. I still feel that way, but we also need to define limits on transparency. The example of a girl being expelled from her school because she refuses to wear an RFID badge (through @stoweboyd) is interesting. The issue is rather simple. A school has […]


Convenience vs. Security vs. (Perceived) Security

Yesterday, @poulpita tweeted a link to a blog explaining that convenience keeps winning against security. The main argument in this blog is about iOS6’s Passbook, which can store credit card numbers, for your convenience. The reasoning goes on with a comparison of the security merits of a credit card number stored on Passbook and a […]