Metacurity

Share this post

Flaw in iPhone Allows Bad Actors to Make Payments With Visa Card From Locked Devices

metacurity.substack.com

Flaw in iPhone Allows Bad Actors to Make Payments With Visa Card From Locked Devices

Anonymous leaks data for Epik's entire infrastructure, Telegram bots intercept one-time passwords, GriftHorse Android app campaign affected 10M victims, Cryptocurrency ATMs highly vulnerable, more

Cynthia Brumfield
Sep 30, 2021
∙ Paid
1
Share

Researchers at the University of Birmingham and the University of Surrey in the U.K. devised a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled.

They were able to leverage an Apply Pay’s Express Transit, a feature that allows a transaction to go through without unlocking the device, “to bypass the Apple Pay lock screen, and illicitly pay from a locked iPhone, using a Visa card, to any EMV reader, for any amount, without user authorisation.” The researchers sent their findings to Apple and Visa in October 2020 and May 2021, respectively, but neither has fixed the problem. (Ionut Ilascu / Bleeping Computer)

Related: ZDNet Security, Daily Mail, MacRumors, Cybersecurity Insiders, The Apple Post, iMore, BetaNews, Hackers Review, Tech Xplore, 9to5Mac, Telegraph, Cult of Mac, iMore, The Apple Post, Infosecurity Magazine, Hackers Review

The hacktivist collective Anonymous has released what it claims to be new da…

Keep reading with a 7-day free trial

Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
Previous
Next
© 2023 DCT Associates
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing