Experts show how to make fraudulent payments using Apple Pay with VISA on locked iPhones

Security researchers devised a new attack method against iPhone owners using Apple Pay and Visa payment cards.


Boffins from the University of Birmingham and the University of Surrey exploited a series of vulnerabilities in an attack against iPhone owners using Apple Pay and Visa payment cards. The vulnerabilities exploited in the attack remain unpatched, but the impacted vendors say they are not concerned.

The researchers explained that the attack could allow an unauthenticated attacker to steal money from the targeted iPhone when it is configured to use Apple Pay and a Visa card in “transit mode.”


Experts pointed out that the attack also works against locked iPhones. Before going deep into the attack, let me introduce the “Express Transit” / “Express Travel” feature implemented in Apple Pay, which allows users to make a payment without authorizing it with Face ID or Touch ID.


This feature could be very useful while paying for public transportation.


The researchers attempted to simulate a similar scenario and emulated a ticket-barrier transaction by using a Proxmark device acting as a card reader communicating with the target iPhone and an Android phone with an NFC chip (acting as a card emulator) that communicated with a payment terminal.


In the attack scenario, hackers hold the reader emulator close to the targeted iPhone.




The attack devised by the researchers is an active man-in-the-middle replay and relay attack: the Proxmark replays the “magic bytes” to the iPhone to trick it into believing that it’s a ticket-gate transa ..
