An iPhone Bug Can Make Locked handset contactless payments

An iPhone bug means hackers could force your locked device to make large unauthorised contactless payments.

According to researchers from Birmingham and Surrey universities, the issue was discovered during an Apple Pay experiment.

Hackers could exploit an iPhone to steal money from your account

Hackers could exploit an iPhone to steal money from your account

The experts created a video demonstrating how they could force a locked iPhone to make a contactless Visa payment of £1,000 to their account.

They exploited an issue that allows commuters quickly to get around ticket barriers.

This issue could affect Visa cards that you have set up in Express Transit mode on your iPhone’s wallet.

Express Transit mode allows for quick contactless payments, without the need to unlock your iPhone.

This mode is ideal for quickly passing ticket barriers.

Researchers have proven that radio equipment can be used to fool an iPhone into thinking it is passing through a ticket barrier.

They also used an Android device as a relay to send signals from the iPhone’s contactless payment terminal to their control.

The iPhone is forced to think it has been locked and is required to make a contactless transaction.

The hack does not require a PIN, Face ID, or fingerprint scan to work.

Researchers said that hackers don’t need to be within reach of your iPhone.

The hacker could be anywhere on the planet and still be able take the money.

It isn’t clear that criminals are using this attack. The researchers conducted the research in a lab, with their own money.

According to The BBC, Apple said the issue was “a concern with a Visa system”.

Visa however stated that such an attack is impossible outside of a laboratory environment and that its payments are secure.

An iPhone can be turned off Express Transit mode if it is concerned about an attack like this.

Dr Andreea Radu, from the School of Computer Science at the University of Birmingham, led the research.

She said: “Our work shows a clear example of a feature, meant to incrementally make life easier, backfiring and negatively impacting security, with potentially serious financial consequences for users.

“Our discussions with Apple and Visa revealed that when two industry parties each have partial blame, neither are willing to accept responsibility and implement a fix, leaving users vulnerable indefinitely.”

Co-author Dr Tom Chothia, also in the School of Computer Science at the University of Birmingham, added: “iPhone owners should check if they have a Visa card set up for transit payments, and if so they should disable it.

“There is no need for Apple Pay users to be in danger but until Apple or Visa fix this they are.”

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Are you looking for those hidden features within social media apps that are not easily found? We’ve got you covered…

Latest News

Related Articles