iPhone Payment Fraud Risk Due to Apple Pay and Visa Vulnerabilities
Severity: High (Score: 64.5)
Sources: 9To5Google, www.birmingham.ac.uk, Daringfireball
Summary
Research from the University of Birmingham and University of Surrey has revealed vulnerabilities in Apple Pay and Visa that could allow hackers to bypass the iPhone's lock screen and execute unauthorized contactless payments. The flaw primarily affects iPhones using Visa cards in 'Express Transit mode', which is designed for quick payments in transit systems. By exploiting a unique code broadcast by transit gates, attackers can trick the iPhone into thinking it is communicating with a transit system, allowing for transactions of any amount without user authorization. This vulnerability has been known since at least 2021, but Apple and Visa have not implemented a fix, leaving users exposed.

While Android devices are not susceptible to this specific attack, the issue highlights significant security concerns in mobile payment systems. The researchers emphasize that usability features intended to enhance convenience can inadvertently compromise security. Current discussions with Apple and Visa have not resulted in accountability or a solution for affected users.

Key Points:
- Vulnerabilities in Apple Pay and Visa allow unauthorized payments on iPhones.
- Attackers can exploit 'Express Transit mode' to bypass lock screen security.
- Apple and Visa have been aware of this issue since 2021 but have not issued a fix.
Key Entities
- Android (platform)
- Apple Pay (platform)
- Google Wallet (platform)
- iPhone (platform)
- Samsung Pay (platform)