Apple Pay with VISA lets hackers force payments on locked iPhones


Level 37
Thread author
Top poster
Feb 4, 2016
Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled.
The method is akin to a digital version of pickpocketing. It works over the air even if the iPhone is in a bag or in someone’s pocket and there is no transaction limit.

Ticket-gate payment trick​

Looking into relay attacks on contactless payments, researchers at the University of Birmingham and the University of Surrey in the U.K. found that iPhone devices confirm transactions under certain conditions.
For a payment to go through, iPhone users need to authorize it by unlocking the phone using Face ID, Touch ID, or a passcode.

In some scenarios, though, such as paying for public transportation, unlocking the device makes the payment process cumbersome for the user.