Why it matters: Everyone has the convenience of contactless payment, especially when you're in a hurry. However, this convenience often comes at the cost of reduced security. It appears that a combination of flaws in the Apple Pay and Visa systems could allow hackers to make unauthorized payments using only a powerful, stolen iPhone.
A team of researchers at the Universities of Birmingham and Surrey in the UK has discovered a new flaw in the iPhone that allows attackers to take advantage of a weakness in the Express Pay feature in Apple Pay when using them to make unauthorized payments. visa card.
Express Transit (Fast Travel in the UK) allows the iPhone user to click in and out of ticket barriers to speed up payments. In other words, it eliminates the need for password authentication, Touch ID, or Face ID when paying, but it also creates a downside that can easily be achieved with a relatively cheap piece of used commercial radio equipment.
Now, if you want more security, you can disable express transfer payments. If you are looking for an in-depth study in this area, you can find a related research article here. You can also check out DinoSec's comprehensive list of lock screen bypass issues affecting any major version of iOS since iOS 5.
New flaw in Apple Pay allows hackers to steal money from a locked iPhone