Apple Pay’s security vulnerability, involving users with a paired Visa card, apparently allows hackers to transact your iPhone without authentication.
(Photo: by Peter Macdiarmid / Getty Images)
LONDON, ENGLAND – JULY 14: An iPhone is used in this photo illustration to make an Apple Pay purchase at the Post Office on July 14, 2015 in London, England. IPhone and Apple Watch owners can now use their device to pay for purchases from merchants who support the new mobile wallet service Apple Pay.
Apple Pay security vulnerability
According to Bleeping Computer, researchers from the University of Birmingham and the University of Surrey in the UK discovered the vulnerability of Apple Pay users using Visa.
The point of sale further simplified the hacking method, saying that it is similar to the pickpocket where users are unaware that the criminal minds are withdrawing money from their pockets or pockets.
This type of digital pickpocketing works without taking your iPhone out of your hand. Hackers could transact wirelessly using Apple Pay’s Express mode.
Apple Pay vulnerability and express public transport mode
According to Standard UK, the security gap only exists in Apple Pay Express Transit mode with a Visa card attached as an Express Travel Card.
It should be noted that Apple Pay’s Express Transit mode allows users to tap into their phones to conduct transactions without having to unlock their devices.
The feature is designed to avoid the inconvenience of paying while traveling on public transport, although unlocking the iPhone could be a time-consuming task for some travelers.
However, via Express Transit mode, Apple Pay users only need to tap their iPhone to travel on public transport without the authentication process like Touch ID or entering a passcode.
The British researchers discovered Apple’s vulnerability by using a simple radio device to trick the iPhone into thinking that it was the device using the transit gate.
However, the device used in the study was the same payment reader that retail stores or restaurants commonly use.
Also read: Apple releases emergency security update as Pegasus spyware from the Israeli NGO group is on the run
Apple user with VISA card revealed
Although Mastercards could also be paired with Apple Pay’s transit mode, the transaction did not proceed with the card reader used by the researchers.
Instead, it was only enforced using a reader bearing the transit merchant code. Hence, the simple two-way radio that could be used by hackers only works with Visa cardholders on Apple Pay.
The researchers said that both companies involved, Apple and Visa, were announced as early as October 2020 and
Nevertheless, the security gap for Apple Pay users with Visa cards remains unsolved.
However, the researchers also said that both Visa and Apple have already recognized the dangers of their discovery. But both companies still have to decide who is responsible for the vulnerability.
So far, however, there has been no official solution to the Apple Pay bug from the companies involved.
Apple Pay security vulnerability: how to fix it
With no solution to Apple or Visa themselves vulnerability, users can at least disable their Visa card for Apple Pay transit mode, UK study co-author Dr. Tom Chothia, pushed.
Related article: Apple CEO Tim Cook says the company is currently looking for the employee who leaked a confidential memo
This article is owned by Tech Times
Written by Teejay Boris
Ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.