Skip to main content

Apple Pay security flaw allows hackers to steal your money when your iPhone is locked

posted onOctober 4, 2021
by l33tdawg
BGR
Credit: BGR

Researchers in the UK have discovered a flaw in Apple Pay that allows hackers to make unauthorized contactless payments from your iPhone. The researchers from the University of Birmingham and the University of Surrey published a paper on Thursday describing the method by which this flaw can be exploited. Hackers can even bypass the lock screen of an iPhone with this method.

The Express Transit feature that Apple first introduced in iOS 12.3 appears to be the culprit behind the vulnerability. With Express Transit, you can quickly pay for rides on public transportation with a card in the Wallet app. As Apple notes on this support page, you don’t have to validate with Face ID, Touch ID, or a passcode. Express Transit is meant to be convenient, but it’s also key to this exploit.

As the researchers explain, ticket readers transmit a non-standard sequence of bytes that are capable of bypassing the iPhone lock screen. They refer to these as “magic bytes” in their research paper. This allows Express Transit (and similar features on other devices) to function. Apple Pay checks to see if all the requirements are met, and if they are, it processes the payment.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th