Imagine putting your iPhone in your pocket, completely locked, yet someone manages to withdraw thousands of dollars from your digital wallet without touching the screen or asking for your Face ID! This might sound like a scene from a science fiction movie, but it actually happened in a live and controversial experiment. Security researchers from the universities of Surrey and Birmingham carried out a complex attack targeting the iPhone of famous YouTuber Marques Brownlee (MKBHD), and they managed to withdraw a massive sum of $10,000 from his device while it was in a locked state.
The Express Transit Mode Trick
The attack, highlighted by the famous Veritasium channel, relies on a technical vulnerability related to the “Express Transit Mode” feature in Apple Pay. This feature is designed to allow you to pay at subway and bus stations quickly without needing to unlock your iPhone or use Face ID. However, the researchers found a way to trick the phone into thinking it is in front of a transit gate, while it is actually in front of a fake card reader.
The attack requires physical access to the device and specialized equipment: an NFC reader connected to a laptop is used to intercept the communication between the phone and a card terminal. The reader’s identifier is modified to match those of authorized transit stations, so the phone treats the transaction as an Express Transit payment and approves it without unlocking. The collected payment data is then relayed to another phone (a burner phone) that is brought close to a legitimate card reader to complete the theft.
Why Visa cards specifically?
What is interesting about this vulnerability is that it only works with a very specific combination: an iPhone and a Visa card. It turns out the problem is not in Apple’s operating system itself, but in Visa’s security protocols when handling Express Transit transactions. The attack does not work with Mastercard or American Express cards because these companies use different security methods that cannot be tricked in the same way.
Furthermore, Samsung device users and the Samsung Pay service are not affected by this type of attack. This puts the ball in Visa and Apple’s court to clarify who is responsible for a security gap that allows traditional transaction limits to be bypassed, with amounts reaching thousands of dollars withdrawn in a single operation.
Should you be worried about your money?

In response to this experiment, Apple stated that the issue lies with the Visa system and that such fraud is unlikely to occur in the real world given the technical complexity required and the need for physical access to the device. For its part, Visa confirmed that its cardholders are protected by a “Zero Liability” policy, meaning that funds lost to fraudulent transactions of this type can be recovered.
Simply put, you should not worry.
Experts believe that carrying out this attack on a large scale on the street is very difficult, but it remains an important reminder that technology, no matter how secure, may always contain unexpected vulnerabilities. If you are worried, the simplest advice is not to use a Visa card as the primary card for “Express Transit Mode” on your iPhone, or simply to turn off the feature if you do not use public transportation that supports it.
Source: