Vulnerability in Apple Pay allows payment with locked iPhone


Vulnerability in Apple Pay allows payment with locked iPhone

A vulnerability in Apple Pay with a linked Visa credit card makes it possible to make payments with a locked iPhone. An attacker therefore only needs to have a stolen iPhone to carry out transactions. However, the transactions can also be carried out via an iPhone in someone's bag, according to researchers from the University of Birmingham and the University of Surrey.

The vulnerability occurs when " Express Transit " is set up for a Visa credit card in the Apple Wallet. Express Transit is an option that allows users to make contactless payments without unlocking their phone or opening an app. There is also no authentication required such as Face ID, fingerprint or a pass code, just placing the device near a contactless reader is sufficient. For example, the option is used in public transport to allow travelers to pay for their journey at the entrance gates.

Using simple radio equipment, the researchers were able to identify a code that is emitted through access gates. This code unlocks Apple Pay so that the traveler can pay via their phone. However, the code can also be used to influence the signals between the iPhone and a store's card reader.

By broadcasting the code and modifying other fields in the protocol used, the researchers tricked the iPhone into thinking it was communicating with a gateway, when in reality it was communicating with a store's card reader. At the same time, the researchers convinced the card reader that the iPhone had completed user authorization, allowing any amount to be withdrawn without the user's knowledge, the researchers said. They add that an attacker does not need cooperation from the store.

According to the research team, the problem lies with both Apple and Visa, but neither party wants to take responsibility and roll out a solution, leaving users still vulnerable. The problem does not occur with Mastercard on iPhones or Visa in combination with Samsung Pay. Apple Pay with Visa users can verify that Transit Express is enabled and disable it if desired.

"There's no reason for Apple Pay users to be at risk, but until Apple and Visa resolve this, they will," said study researcher Tom Chothia. In the video below, the researchers demonstrate how to make a payment of a thousand pounds via a locked iPhone.

watch POC from here

Previous Post Next Post