Flaw in iPhone Allows Bad Actors to Make Payments With Visa Card From Locked Devices

Anonymous leaks data for Epik's entire infrastructure, Telegram bots intercept one-time passwords, GriftHorse Android app campaign affected 10M victims, Cryptocurrency ATMs highly vulnerable, more

Researchers at the University of Birmingham and the University of Surrey in the U.K. devised a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled.

They were able to leverage an Apply Pay’s Express Transit, a feature that allows a transaction to go through without unlocking the device, “to bypass the Apple Pay lock screen, and illicitly pay from a locked iPhone, using a Visa card, to any EMV reader, for any amount, without user authorisation.” The researchers sent their findings to Apple and Visa in October 2020 and May 2021, respectively, but neither has fixed the problem. (Ionut Ilascu / Bleeping Computer)

Related: ZDNet Security, Daily Mail, MacRumors, Cybersecurity Insiders, The Apple Post, iMore, BetaNews, Hackers Review, Tech Xplore, 9to5Mac, Telegraph, Cult of Mac, iMore, The Apple Post, Infosecurity Magazine, Hackers Review

The hacktivist collective Anonymous has released what it claims to be new da…