Security researchers successfully demonstrated a hack in which they took £1,000 from a locked iPhone. The attack applies to Visa cards set up as Express Transit (via BBC).
Visa Apple Pay Hack
Here’s how the attack worked. A small “commercially available piece of radio equipment” was placed near the iPhone to trick it into thinking it was talking to a ticket barrier. Next, an Android phone running a special app created by the team relayed signals between the iPhone and a contactless payment terminal.
The researchers say the Android phone and payment terminal used don’t need to be near the victim’s iPhone. They can be on another continent from the iPhone as long as there’s an internet connection.
The iPhone thinks it’s paying a ticket terminal and doesn’t need to be unlocked. The signal between the iPhone and payment terminal is intercepted, then modified to make the terminal think the iPhone has been unlocked and the payment authenticated. Using their own iPhone, the researchers successfully transferred £1,000 from their own account.
Apple claims that the problem lies with Visa’s network, while Visa says the payments are secure and “attacks of this type were impractical outside of a lab.” The bug remains unfixed.