Researchers Find Locked iPhones With Visa Cards Connected to Apple Pay Can Be Hacked | WHAT REALLY HAPPENED X-Frame-Options: SAMEORIGIN

Researchers Find Locked iPhones With Visa Cards Connected to Apple Pay Can Be Hacked

British computer scientists have discovered a way to remotely hijack contactless Visa payments on a locked iPhone. Proper delivery of the exploit could allow a savvy hacker to make hefty financial transactions via the locked device without ever touching it or even being nearby.

The exploit was discovered by researchers at the University of Birmingham and the University of Surrey and takes advantage of “Express Transit,” an Apple Pay feature for commuters, the BBC reports. “Express,” which lets users make quick, contactless Visa payments at ticket barriers and other travel kiosks, essentially allows you to stick your locked phone out of the car window, pay, and go.

The attack, which exploits this useful application, is admittedly pretty complex and a little bit hard to follow but, in theory, you can imagine it being used in some sort of high-stakes, cyber-heist type scenario—potentially one targeting a wealthy individual.

It works something like this: A small piece of “commercially available” radio equipment is placed near the phone, thus tricking the device into believing it is facing a ticket barrier (researchers don’t explicitly say what the equipment is—presumably because they don’t want people to try this at home). Then, an application developed by the researchers is run on an Android phone and used to reroute signals from the iPhone to a real contactless payment terminal—presumably one at a safe distance and controlled by the criminals. From there, the phone’s communication with the payment terminal can be altered, thus tricking it into believing that transactions have been authorized.