Security Experts Warn of Apple Pay Express Transit Hack That Enables Large Unauthorized Visa Payments From Locked iPhones

Interesting that this only affects Visa and not Mastercard.

Computer Science researchers from Birmingham and Surrey Universities demonstrated to the BBC how the attack works by exploiting a weakness in the Visa contactless system through the use of a small piece of commercially available radio equipment, which is placed near the phone and masquerades as a ticket barrier.

Apple told the BBC the matter was an issue with the Visa system.

“We take any threat to users’ security very seriously,” said Apple. “This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa’s zero liability policy.”

1 Like

Thus we will not be paying a bounty to the researchers for this either.

I love the argument that it works in a lab but wouldn’t be practical outside a lab.

Someone could charge £1,000 a pop on a locked (stolen) phone without the phone’s owner realizing it? I have a feeling someone will figure out how to make that work in the wild. People attach credit card skimmers to public gas pumps in view of security cameras, for crying out loud.

1 Like