Apple Pay bug could allow attackers to bypass lock screen, make payments
A team of researchers in the U.K. has discovered security issues related to Visa cards and Apple Pay that could result in attackers bypassing the lock screen and making fraudulent payments.
Credit: Apple
According to the research, the flaw occurs when Visa cards are set up in Apple's Express Transit mode on an iPhone. The flaw could allow attackers to bypass the iPhone Lock Screen and make contactless payments without the passcode.
Apple's Express Transit mode allows users to quickly pay for transportation rides using a credit, debit, or transit card without unlocking their device.
The researchers say that the vulnerability only affects Visa cards stored in Wallet. It's caused by a unique code broadcast by transit gates or transit turnstiles that signals an iPhone to unlock Apple Pay.
By using common radio equipment, the researchers were able to perform an attack that tricked an iPhone into believing it was at a transit gate. The proof-of-concept attack involved an iPhone with Express Transit enabled making a fraudulent payment to a smart payment reader. A similar attack could occur in the wild by broadcasting the unique code and modifying a set of variables.
However, researchers point out that the attack doesn't appear practical on a wide scale. Even if an attacker were able to pull it off, banks and financial institutions have other mechanisms that deter fraud by detecting suspicious transactions.
The flaw was discovered by researchers from the University of Birmingham and the University of Surrey in the U.K. The authors of the paper, which is set to be published at the 2022 IEEE Symposium on Security and Privacy, are Andreea-Ina Radu, Tom Chothia, Christopher J.P. Newton, Ioana Boureanu, and Liqun Chen.
The researchers alerted Apple to the flaw in October 2020 and Visa in May 2021.
In a statement to ZDNet, Visa says this type of attack is nothing new and customers have little to worry about.
"Variations of contactless fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world," the credit card company wrote. "Visa takes all security threats very seriously, and we work tirelessly to strengthen payment security across the ecosystem."
Read on AppleInsider
Comments
The researchers also tested Samsung Pay, but found it could not be exploited in this way.
They also tested Mastercard but found that the way its security works prevented the attack.
https://www.bbc.co.uk/news/technology-58719891
Any card can be selected for express pay.
However, researchers point out that the attack doesn't appear practical on a wide scale. Even if an attacker were able to pull it off, banks and financial institutions have other mechanisms that deter fraud by detecting suspicious transactions.
I think the issue has been around for some time because years ago people were complaining about transit charging them when they weren’t using it but near a turnstile that uses that feature.
Adding stolen credit cards? I don't know how the banks are in your country, but in Canada there are some 2FA-type steps to add any card to ApplePay.
"We disclosed this attack to both Apple and Visa, and
They both (Visa _and_ Apple) put their customers at risk while arguing..
". Apple did not pay a bug bounty, even though
Consider yourselves warned.