British researchers have shown how large unauthorized contactless payments can be made from a locked iPhone by taking advantage of Apple Pay's Express Transit feature when it is set up with a Visa card. Let’s find out all the details together.
Unauthorized payments through Apple Pay Express Transit
Express Transit is an Apple Pay feature that allows tap-and-go payment, eliminating the need to authenticate with Face ID, Touch ID or a passcode. The device does not need to be woken or unlocked to use Express Transit.
Computer science researchers from the universities of Birmingham and Surrey demonstrated to the BBC how the attack works by exploiting a weakness in the Visa contactless system. This is done using a small piece of commercially available radio equipment.
The equipment is then placed near the phone and masquerades as a ticket barrier.
An Android phone running an application developed by the researchers is used to transmit signals from the iPhone to a contactless payment terminal. At the same time, the communications are modified to trick the terminal into behaving as if the iPhone had been unlocked and the payment authorized.
To demonstrate the attack, the researchers carried out a contactless Visa payment of 1,000 pounds from a locked iPhone. The researchers only took money from their own accounts. They said the Android phone and the payment terminal do not need to be near the victim's iPhone. The important thing is that there is an internet connection.
Apple told the BBC that the issue was a problem with the Visa system.
“We take any security threat to users very seriously,” Apple said. “This is a concern for the Visa system. However, Visa does not believe that this type of fraud takes place in the real world, given the multiple layers of security in place. In the unlikely event that an unauthorized payment occurs, Visa has made it clear that their cardholders are protected by Visa’s zero liability policy.”
The researchers said the attack could be easier to carry out against a stolen iPhone, although there is no evidence that the hack has been used in the wild. Visa said the payments are safe and attacks of this type are impractical outside a laboratory.
“Visa cards linked to Apple Pay Express Transit are safe, and cardholders should continue to use them with confidence,” a Visa spokesperson said. “Variations of contactless fraud schemes have been studied in the laboratory for more than a decade and cannot be practiced.”
The researchers told the BBC they spoke to Apple and Visa about their concerns nearly a year ago. However, the problem has not been fixed yet. The researchers also tested Express Transit with Mastercard but found that the way its security works prevented the attack.