Saturday, November 27, 2021

Apple Pay Visa feature could be hacked to drain your wallet

- Advertisement -

Cybersecurity researchers have demonstrated what they claim to be security issues in Visa and Apple payment mechanisms to make illicit contactless mobile payments.

The researchers from the University of Birmingham and the University of Surrey used a locked iPhone to make a payment via NFC exploiting an Apple Pay feature called ‘Express Transit’ that is designed to work with Visa to help commuters pay instantly at ticket barriers.

In a video, the researchers successfully tricked an iPhone to make a Visa payment of 1,000 pounds or 1,00,248 INR without actually unlocking the phone or explicitly authorizing the payment.

According to reports, while Apple said the matter was an issue with Visa’s payment system, Visa countered the research by stating that its payments were secure and an attack of this nature could not be replicated outside of a lab in the real world.

The hack mainly involves the use of a small commercially available piece of radio equipment, which is placed near the iPhone to trick it into believing it is dealing with a ticket barrier.

Apple’s iPhone 13 Pro and iPhone 13 Pro Max’s third-party app animations only limited to 60Hz

At the same time, an Android device running a custom app developed by the researchers is used to relay signals from the iPhone to any contactless payment terminal.

- Advertisement -

Since the iPhone thinks it is paying a ticket barrier, it does so while still being locked. On the other end, the custom Android app modifies the iPhone’s communications with the payment terminal, which thinks the iPhone has been unlocked and the payment system has been authorized legitimately.

More importantly, the researchers shared that the Android phone and payment terminal used in the hack do not need to be near the victim’s iPhone.

“It can be on another continent from the iPhone as long as there is an internet connection,” Dr Ioana Boureanu of the Universit of Surrey told the BBC.

The researchers reportedly shared their discovery with both Apple and Visa about a year ago, but are still waiting on a fix. Visa meanwhile believes that the idea of this hack is ‘impractical’ outside of a lab.

Also read:

- Advertisement -


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

More To Consider


Stay Connected

Boat Lifestyle [CPS] IN

Hot Topics

Latest Articles