The iPhone is generally believed to be harder for hackers to break into than Android devices because of the security and privacy features built into iOS. However, hackers may have found a way to circumvent those security measures by exploiting a vulnerability involving Visa cards, according to a report by The Telegraph based on the findings of security researchers at the Universities of Surrey and Birmingham, who tested the method.
The report describes a vulnerability that arises when a Visa card is set as the default card for Express Transit in Apple Pay on the iPhone (the feature is called Express Travel in the UK). It adds that only Visa cards could be exploited in this manner, and specifically states that Apple Pay Express Transit paired with Mastercard or American Express cards is not at risk.
If an attacker gets hold of someone’s iPhone, even a locked one, they can reportedly trick the contactless system by building a dummy payment terminal that mimics how a public transport terminal works. This would allow them to make arbitrary transactions and siphon off the owner’s money, because Apple Pay Express Transit allows contactless transactions at the London Underground and other modes of transport without Face ID or Touch ID authentication. The report claims that the researchers were able to make a £1000 transaction using a locked iPhone, without needing any authentication.
“Unlike contactless cards, which cap payments at £45, there is no limit on Apple Pay transactions, meaning hackers could in theory drain a person’s bank account or their credit card limit, merely by stealing an iPhone, or surreptitiously holding a terminal up to a device in a bag or pocket,” said the report.