Security News > 2021 > September > Apple Pay with VISA lets hackers force payments on locked iPhones

Apple Pay with VISA lets hackers force payments on locked iPhones
2021-09-30 00:37

Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled.

Apple Pay solved the problem with Express Transit, a feature that allows a transaction to go through without unlocking the device.

In combination with a Visa card, "This feature can be leveraged to bypass the Apple Pay lock screen, and illicitly pay from a locked iPhone, using a Visa card, to any EMV reader, for any amount, without user authorisation."

During the experiment, the researchers were able to make a GBP 1,000 transaction from a locked iPhone.

With Mastercard, a check is performed to make sure that a locked iPhone accepts transactions only from card readers with a transit merchant code.

Trying the method with Samsung Pay, the researchers found that transactions are always possible with locked Samsung devices.


News URL

https://www.bleepingcomputer.com/news/security/apple-pay-with-visa-lets-hackers-force-payments-on-locked-iphones/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349