Apple Pay's security vulnerability involving users with a paired Visa card apparently allows hackers to make transactions on your iPhone even without authentication.
LONDON, ENGLAND - JULY 14: In this photo illustration, an iPhone is used to make an Apple Pay purchase at The Post Office on July 14, 2015 in London, England. From today iPhone and Apple Watch owners can use their device to pay for purchases at retailers who support the new mobile wallet service Apple Pay.
Apple Pay Security Vulnerability
As per Bleeping Computer, researchers from the University of Birmingham and the University of Surrey in the United Kingdom discovered the security flaw of Apple Pay users with Visa.
The outlet further simplified the hacking method, saying that it is similar to pickpocketing, wherein users are not aware that the criminal minds are cashing out money from their pockets or bags.
This kind of digital pickpocketing works without the need to get the iPhone from your hands. Hackers could do transactions over the air via the express mode of Apple Pay.
Apple Pay Security Flaw and Express Transit Mode
According to Standard UK, the security flaw only exists on the Apple Pay Express Transit mode with a Visa card attached as an Express Travel Card.
It is to note that the Express Transit mode of Apple Pay allows users to tap their phones to make transactions without the need to unlock their devices.
The feature is supposed to avoid any inconvenience while paying during public transportation commutes, wherein unlocking the iPhone could be a time-consuming task to some traveling folks.
That said, Apple Pay users through the Express Transit mode will only need to tap their iPhone to ride public transportation, sans the authentication process, such as the Touch ID or the entering a passcode.
The UK researchers discovered the Apple security flaw by using a piece of simple radio equipment to trick the iPhone that it is the device that the transit gate uses.
However, the device that was used in the study was the same payment reader that retail stores or restaurants commonly used.
Apple Users with VISA Card Exposed
Although Mastercards could also be paired with the Transit Mode of Apple Pay, it did not continue the transaction with the card reader that the researchers used.
Instead, it only pushed through with a reader that sports the transit merchant code. As such, the simple radio device that could be used by hackers only works on Visa cardholders on Apple Pay.
The researchers said that both involved firms, Apple and Visa, already knew about their security flaw discovery way back in October 2020 and May 2021, respectively, after they sent the research finding to the companies.
Nevertheless, the security flaw for Apple Pay users with Visa cards remains unfixed.
However, the researchers also said that both Visa and Apple have already acknowledged the dangers of their discovery. But both firms have yet to decide on which party is responsible for the security flaw.
That said, up until now, there has been no official fix for the Apple Pay flaw from the involved companies.
Apple Pay Security Vulnerability: How to Fix
With the absence of a solution for the vulnerability coming from Apple or Visa themselves, the least that users could do is to disable their Visa card for the Transit Mode of Apple Pay, the co-author of the UK study, Dr. Tom Chothia, urged.
Related Article: Apple CEO Tim Cook Says Company is Currently Looking For the Employee Who Leaked a Confidential Memo
This article is owned by Tech Times
Written by Teejay Boris
