Vulnerability Exposes iPhone Users to Payment Fraud

Many iPhone users are vulnerable to payment fraud due to vulnerabilities in Apple Pay and Visa, according to new research from the University of Birmingham and the University of Surrey.



The experts revealed they could bypass an iPhone’s Apple Pay lock screen to perform contactless payments when the Visa card is set up in ‘Express Transit mode’ in an iPhone’s wallet. Transit mode allows users to make a quick contactless mobile payment without fingerprint or facial recognition authentication, for example, at an underground station turnstile.



The team used simple radio equipment to uncover a unique code broadcast by the transit gates, or turnstiles, which unlocks Apple Pay. This code, dubbed ‘magic bytes,’ was used to interfere with the signals going between the iPhone and a shop card reader. The researchers could then trick the iPhone into believing it was interacting with a transit gate rather than a shop card reader by broadcasting the magic bytes and changing other fields in the protocol.



Therefore, this weakness could potentially be exploited by hackers to make transactions from an iPhone inside someone’s bag without their knowledge.



The technique even allowed the experts to bypass the contactless limit, so that any amount could be taken without the iPhone user’s knowledge. This is because the shop reader believed the iPhone had successfully completed its user authorization.



The researchers emphasized that the vulnerability only applies to Apple Pay and Visa systems working together and does not affect other combinations, such as Mastercard in iPhones.



Dr Andreea Radu, lecturer at the School of Computer Science, University of Birmingham, commented: “Our work shows a clear example of a ..
