A security flaw could allow hackers to steal money via Apple Pay Express Transit from locked iPhones

Security researchers have discovered a new vulnerability in Visa cards that allows hackers to withdraw money from them when they are set as the default card for Express Transit in Apple Pay (called Express Travel in the UK).

The Express Transit feature on Apple Pay enables contactless transactions on public transport, such as the London Underground. Because transaction values are usually small and there is a daily transaction limit, Express Transit does not require users to authenticate transactions using Face ID or Touch ID. This also saves time and improves convenience when boarding and leaving trains.

In a demonstration of the new vulnerability shared with The Telegraph, a hacker could trick this contactless system into making arbitrary transactions and stealing money from a locked iPhone without the user’s knowledge. However, for this to work, the hacker would have to be in physical possession of the victim’s device or near it.

Researchers have shown that by imitating the signal from a public transport terminal, the victim’s iPhone could be forced to pay the hacker. The security researchers who demonstrated this vulnerability also managed to circumvent the maximum transaction value limit and were able to process a payment of £1,000, all without the need for victim authentication.

Apple has noted that the error is in Visa's systems. The company added that all unauthorized payments will be covered by the Zero Liability policy.

“Visa cards linked to Apple Pay Express Transit are secure and cardholders should continue to use them with confidence,” a Visa spokesman said. They added that variants of contactless fraud schemes have been studied in laboratory environments for more than a decade and have “proved impractical to perform in large numbers in the real world.” A Visa spokesman claimed that the discovery of the vulnerability does not mean that people are in danger.

Although Apple shifts the blame to Visa and Visa believes users are still protected, the exploit is specific to Visa cards set as the default for Express Transit on Apple Pay. Pairing a MasterCard or American Express card with Express Transit does not endanger the user.


Naveen Kumar
