Day one Apple TV security issues take center stage
The new Apple TV, as a revamped, app-heavy platform, promises to take the set-top box and casual gaming console to new heights and disrupt both industries to no small degree. But for a company so dedicated to secure user authentication, the device’s launch software’s lack of security is open to scrutiny.
In short, Apple TV needs a keyboard.
For obvious reasons (cost considerations being the chief one), such a feature couldn’t be included with the controlling unit or bundle itself, but we all expected — rightfully so — that Apple’s official Remote app would be updated to support Apple TV by its first day of availability. We can only imagine that it’s in the process of being revamped for the new experience, but the fact that it’s not ready yet indicates a major lapse in judgment and a major oversight re: private user information.
Want to buy an app from the App Store? Enter your password (or, worse, turn off password protection altogether, and try to get refunds for your kid’s hyperactive IAP proclivities). Of course, you better make sure to tell your guests to turn around for 10 minutes while you slowly navigate through the single-line alphabet and enter every letter of the code. Because this is what that process looks like, and anyone who cares to can easily glean your password:
As if that weren’t bad enough, the associated email account to said password is not redacted and totally open to prying eyes. So now, a savvy thief (or, really, an almost completely inept one) can easily get everything needed to compromise not only your Apple TV accounts, but the credentials to your entire iOS life. Identity theft has never been so easy.
To some degree, console gamers have long been familiar with this issue, as have Netflix and Hulu and Amazon users via Roku boxes and smart TV software and the like. But the transactions usually supported by those devices — and the lack of their de facto tie-ins to much larger financial and informational ecosystems — render the issue mostly moot. With Apple TV, however, you’re going to get email apps, banking apps, automation apps, service apps for business, and more. Yeah, you’re most likely using this thing at home, but it’s still an issue.
And even if it weren’t a glaring security problem, the actual process of such text entry is painfully frustrating. Make a mistake, and you risk chucking your controller through your TV in abject frustration. (On the other hand, the conspiracy theorist in me thinks maybe that’s actually Apple’s long-term play to begin with …)
Still, the biggest curiosity, at least for me, is that Touch ID on iPhone is not supported for all this out of the gate. In fact, it seems that, for whatever reason, the iPhone itself is not supported out of the gate. As Apple is all about handset-as-hub, that strikes me as singularly weird. Similarly, there’s no support for Apple Watch authentication, either, making the company’s baffling synergy strategy that much more mysterious.
All that said, we fully expect Apple TV and its iPhone/Apple Watch supporting remote apps — both first- and third-party — to be updated to address these concerns in the near future.
For now, though, keep your blinds closed and only invite trusted friends into your inner Apple sanctum.