A group of researchers have found a way through which Apple Pay users relying on Visa can carry out a contactless hack using a specific feature. The team has found that unauthorized payments can be carried out through a feature on Apple Pay, which has been designed to help commuters pay for their tickets quickly.
An Ingenious Way to Hack
In a video, the researchers, who hail from the Computer Science departments of the Surrey and Birmingham Universities, show how a locked iPhone can be made to process a contactless payment of £1,000 through Visa. In response, tech giant Apple Inc. has said that the matter is a “concern with a Visa system.” However, the payments giant has denied these accusations, saying that payments made through its gateway are secure, and that the problem is “impractical outside the lab.”
The problem is apparently noticed in Visa cards that are set to the Express Transit mode in iPhone wallets, if the words of the researchers are to be believed. The feature is available on Apple Pay, and allows commuters to skip unlocking their phone in order to make contactless payments. The London Underground ticket barrier is one such location where the tool is operable, through the touch-in and touch-out system.
Fooling the System
The team took money from their accounts while demonstrating the flaw, and deduced that the system works in the following way. If a small piece of radio equipment is placed in front of an iPhone, the device can be tricked into thinking of it as a ticket barrier. At the same time, an Android phone which runs an app developed by the team is used to relay signals from the iPhone, directly to a contactless payments terminal.
If cyber-criminals get their hands on this application, they can easily extort money from the iPhone, which doesn’t have to be unlocked since it thinks it’s dealing with a ticket barrier. The final step is to modify the iPhone communication with the payment terminal, in a bid to fool it into thinking that the payment has been authorized after unlocking the iPhone. In short, this method can be used to carry out high value transactions, without the need for any fingerprint, PIN, or Face ID.
At the same time, the researchers have so far only demonstrated the risk in a laboratory, with no practical proof to suggest that criminals are currently using it. The researchers have said that the attack may be the easiest to carry out on stolen iPhones.
The team has said that even though they had initally approached Visa and Apple with their concerns a year ago, nothing concrete has yet been done to correct the issue.