Why it matters: Everyone loves the convenience of contactless payments, especially when in a hurry. However, this convenience often comes at the expense of security. It turns out that a combination of flaws in Apple Pay and Visa could allow an attacker to make unauthorized payments using only a stolen, powered-on iPhone.
A team of researchers from the Universities of Birmingham and Surrey in the UK disclosed a new iPhone flaw that allows attackers to make unauthorized contactless payments by exploiting a weakness in Apple Pay's Express Transit mode when it is used with a Visa card.
Express Transit (called Express Travel in the UK) lets an iPhone user pay quickly at ticket barriers. In other words, it removes the need to authenticate with a passcode, Touch ID, or Face ID when making payments, but it also introduces a weakness that can be easily exploited with relatively inexpensive, commercially available radio equipment.
The researchers explained that all it takes to make an unauthorized contactless payment of £1,000 (about $1,350) is to program radio equipment that mimics the ticket barrier system and relay the so-called “magic bytes” via an Android app to simulate a real contactless transaction. Dr. Ioana Boureanu, one of the researchers who discovered the vulnerability, says the bogus payment terminal and Android phone must be near the victim’s iPhone for the exploit to succeed, which makes it painfully easy with a lost or stolen iPhone.
So far, the researchers have not found any evidence that this flaw has been exploited in the wild, but lead researcher Dr. Andreea Radu believes it will only be a matter of time before attackers exploit it. Apple was notified of the issue in October 2020, but the company passed responsibility to Visa, which was notified in May 2021. The latter claims to be familiar with countless variants of contactless fraud schemes developed in the laboratory, and believes that the exploitation of the vulnerability is “impractical for large-scale implementation in the real world.”
At the time of writing, neither company is willing to provide a fix. Visa claims you will be protected under its zero liability policy, and the researchers say they didn’t find the same issue when testing Express Transit with Mastercard. In addition, when trying the same attack method against Samsung Pay, the researchers found that while transactions are possible with locked Samsung devices, the transaction value is zero, and the approval process relies on a special agreement between the bank and transport providers on the exact cost of tickets.
For now, if you want to be more secure, you can turn off Express Transit payments. More information on this subject is available in the researchers' paper. You can also check out DinoSec’s extensive list of lock screen bypass problems affecting every major iOS version since iOS 5.