British computer scientists have discovered a way to remotely hijack contactless Visa payments on locked iPhones. Properly executed, the exploit would allow a skilled hacker to make large financial transactions through a locked device without ever touching or even approaching it.
Researchers at the University of Birmingham and the University of Surrey discovered the exploit, which takes advantage of Express Transit, an Apple Pay feature for passengers, the BBC reported. “Express” mode, which allows users to make quick, frictionless Visa payments at ticket barriers and other travel kiosks, basically lets you hold your locked phone out of the car window, pay and go.
The attack that abuses this handy feature is certainly quite complex and a little difficult to follow, but theoretically you can imagine it being used in some kind of high-stakes, cyber-theft type scenario, perhaps targeting a rich individual.
Here’s how it works: A small piece of “commercially available” radio equipment is placed next to the phone, making the device believe it’s facing a ticket barrier (the researchers don’t say exactly what the equipment is; maybe they don’t want people to try it at home). Then an application created by the researchers, running on an Android phone, relays the signals from the iPhone to a real contactless payment terminal, presumably one at a safe distance and controlled by the criminals. From there, the phone’s communication with the payment terminal can be modified, making it believe that the transaction has been approved.
While this may all seem really complicated, the researchers have apparently been able to use this method to make a £1,000 payment using a locked iPhone. They tested similar attacks on Samsung Pay and MasterCard but found that the attack could not be replicated with those systems.
For now, this is more of a hypothetical threat than a real one. When reached for comment, a Visa representative told Gizmodo that an attack of this kind would likely not work outside of a lab.
“Visa cards connected to Apple Pay Express Transit are secure and cardholders should continue to use them with confidence. Variations of contactless fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world,” said the company representative. “Visa takes all security threats very seriously, and we work tirelessly to strengthen payment security across the ecosystem.”
An Apple spokesperson similarly told Gizmodo that “Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place.”
For the most part, researchers seem to agree with this assessment, though they believe that exploits of this kind could become a real threat in the future. The attack “has some technical complexity,” Dr Andreea Radu, of the University of Birmingham, told the BBC, noting that “in a few years, these [attacks] could be a real problem.”
However, another researcher at the University of Birmingham, Dr Tom, told the outlet that iPhone owners who have a Visa card set up with the Apple Pay feature should disable it. “Apple Pay users don’t need to be in danger, but until Apple or Visa fix it,” he said.