iPhone flaw “allows hackers to use your bank card”: security problem allows cyber crooks to make contactless payments without knowing owner’s access code, study finds
- Security flaw discovered in iPhones allows hackers to make contactless payments
- Experts have released a video proving they can take £1,000 from a locked iPhone
- The weakness lies in the Apple Pay and Visa systems and would affect commuters
A security flaw in iPhones allows hackers to make contactless payments without knowing the user’s password, researchers have found.
The issue affects users who have set up Visa cards to pay in “transit mode,” a popular feature that lets commuters pay quickly at ticket gates.
Scientists have found that the flaw can also bypass the contactless limit, which means any amount can be stolen.
Using simple radio equipment, they were able to interfere with the signals at the turnstiles and trick the iPhone into thinking it was paying for a trip, when in fact it was paying a nearby card reader.
Experts at the universities of Birmingham and Surrey, who discovered the loophole, released a video proving they were able to take a payment of £1,000 from a locked iPhone.
The weakness lies in how the Apple Pay and Visa systems work together, and it does not affect other combinations, such as Mastercard on iPhones or Visa on Samsung Pay.
Dr Andreea Radu, of the University of Birmingham, said: “Our work shows a clear example of a feature, intended to gradually make life easier, turning around and having a negative impact on safety, with potentially serious financial consequences.
“Our discussions with Apple and Visa revealed that when two parts of the industry each have partial responsibility, neither is willing to accept responsibility and implement a fix, leaving users vulnerable indefinitely.”
The flaw occurs when Visa cards are set to “express transit mode” in the wallet of an iPhone.
Using basic radio equipment, the team identified a unique code broadcast by the turnstiles, which can unlock Apple Pay. Researchers tricked the phone into believing it was talking to a transit gate, when in reality it was talking to a store card reader.
At the same time, the researchers tricked the card reader into believing that the iPhone had completed its user authorization, so that payments of any amount could be accepted.