Security Experts Warn of Apple Pay Express Transit Hack That Enables Large Unauthorized Visa Payments From Locked iPhones

Researchers in the U.K. have demonstrated how large unauthorized contactless payments can be made on locked iPhones by exploiting Apple Pay's Express Transit feature when set up with Visa.

apple pay express transit london
Express Transit is an ‌Apple Pay‌ feature that allows for tap-and-go payment at ticket barriers, eliminating the need to authenticate with Face ID, Touch ID, or a passcode. The device does not need to be wakened or unlocked to use Express Transit.

Computer Science researchers from Birmingham and Surrey Universities demonstrated to the BBC how the attack works by exploiting a weakness in the Visa contactless system through the use of a small piece of commercially available radio equipment, which is placed near the phone and masquerades as a ticket barrier.

An Android phone running an app developed by the researchers is used to relay signals from the iPhone to a contactless payment terminal and modifies the communications to fool the terminal into acting as if the ‌iPhone‌ has been unlocked and a payment authorized.

In demonstrating the attack, researchers made a contactless Visa payment of £1,000 from a locked ‌iPhone‌. The scientists only took money from their own accounts. The researchers said the Android phone and payment terminal used don't need to be near the victim's ‌iPhone‌ as long as there's an internet connection.

Apple told the BBC the matter was an issue with the Visa system.

"We take any threat to users' security very seriously," said Apple. "This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa's zero liability policy."

The researchers said the attack might be easiest to deploy against a stolen ‌iPhone‌, although there's no evidence that the hack has been used in the wild. Visa said payments were secure and attacks of this type were impractical outside of a lab.

"Visa cards connected to Apple Pay Express Transit are secure, and cardholders should continue to use them with confidence," said a Visa spokesperson. "Variations of contactless fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world."

The researchers told the BBC they first approached Apple and Visa with their concerns almost a year ago, but despite "useful" conversations, the problem has not yet been fixed. The researchers also tested Express Transit with Mastercard but found that the way its security works prevented the attack.

"It has some technical complexity," said Dr Andreea Radu, of the University of Birmingham, who led the research. "But I feel the rewards from doing the attack are quite high. In a few years these might become a real issue."

Dr Tom Chothia, also at the University of Birmingham, advised ‌iPhone‌ users to check if they have a Visa card set up to use Express Transit and if so, disable it. "There is no need for ‌Apple Pay‌ users to be in danger, but until Apple or Visa fix this they are," he said.

Related Roundup: Apple Pay

Top Rated Comments

canadianreader Avatar
34 months ago
"The researchers told the BBC they first approached Apple and Visa with their concerns almost a year ago, but despite "useful" conversations, the problem has not yet been fixed."

Rough week for Apple ?
Score: 27 Votes (Like | Disagree)
match14 Avatar
34 months ago
In the article on the BBC website, it said the researchers also tested this with a MasterCard but found its security prevented the attack.
Score: 18 Votes (Like | Disagree)
matrix07 Avatar
34 months ago

Apple Security has got infected with Jelly Roll
What's it got to do with Apple when this hack can do nothing on the same system with Master Card ?
Score: 12 Votes (Like | Disagree)
Richu Avatar
34 months ago
Tbh the consumers aren’t at risk since VISA covers eventual losses. There’s nothing to be upset about.

There’s a countless number of scams that can be run against VISA. that they do risk/reward calculations on different prevention systems.
- A lot of the time the scams aren’t profitable (or even doable) for the scammer to run at scale
- Other times it’s not profitable to prevent at scale, thus better to just absorb the cost and compensate the consumer
- Lastly, sometimes it makes sense to prevent the scam... A lot of we’ve never heard of because they’re already prevented
Score: 12 Votes (Like | Disagree)
matrix07 Avatar
34 months ago

Where’s the people who was telling everyone they only trust their credit card to Apple and non third parties?

The irony.
Re-read the article perhaps.
Score: 11 Votes (Like | Disagree)
Pezimak Avatar
34 months ago
I appreciate Visa defending here claiming it's not possible to do outside a lab and Apple seemingly just passing the blame and responsibility onto Visa, but organised gangs will find a way regardless if the exploit exists, bedsides I find it incredibly stupid to allow your phone to be used for payments of anything WITHOUT unlocking it in anyway.
I suggest they forget the convenience and activate some security. People will just have to unlock there phones, better safe then sorry as they say.
Score: 9 Votes (Like | Disagree)

Popular Stories

iOS 17

Troubling iOS 17.5 Bug Reportedly Resurfacing Old Deleted Photos

Wednesday May 15, 2024 5:29 am PDT by
There are concerning reports on Reddit that Apple's latest iOS 17.5 update has introduced a bug that causes old photos that were deleted – in some cases years ago – to reappear in users' photo libraries. After updating their iPhone, one user said they were shocked to find old NSFW photos that they deleted in 2021 suddenly showing up in photos marked as recently uploaded to iCloud. Other...
CarPlay Sound Recognition

Apple Previews Three New CarPlay Features Coming With iOS 18

Wednesday May 15, 2024 9:18 am PDT by
Apple today previewed new accessibility features coming with iOS 18 later this year, and this includes some new options for CarPlay. Apple highlighted three new features coming to CarPlay: Voice Control: This feature will allow users to navigate CarPlay and control apps with just their voice. Color Filters: This feature will make the CarPlay interface visually easier to use for...
General Apps Messages

iMessage Down for Some Users [Update: Service Restored]

Thursday May 16, 2024 3:00 pm PDT by
The iMessage service that Apple users to send messages to one another appears to be down for some users, and messages are failing to go out or are taking an extra long time to send. There are numerous reports about the issue on social networks and a spike of outage reports on Down Detector, but Apple's System Status page is not yet reporting an outage. Update: Apple's status page says...
apple tv 4k red image

Apple Releases tvOS 17.5

Monday May 13, 2024 10:01 am PDT by
Apple today released tvOS 17.5, the fifth update update to the tvOS 17 operating system that came out last September. tvOS 17.5 comes two months after the release of tvOS 17.4. tvOS 17.5 can be downloaded using the Settings app on the ‌Apple TV‌. Go to System > Software Update to get the new software. ‌Apple TV‌ owners who have automatic software updates activated will be upgraded to ...
ChatGPT for Mac

OpenAI Announces ChatGPT App for Mac, GPT-4 for Free, and More

Monday May 13, 2024 10:43 am PDT by
At its Spring Update event, OpenAI announced that it will be releasing a desktop app for the Mac, as seen in the screenshot below. The app will be rolling out to ChatGPT Plus subscribers starting today, ahead of a wider launch "in the coming weeks." "With a simple keyboard shortcut (Option + Space), you can instantly ask ChatGPT a question," OpenAI's press release says. In addition, Voice...
maxresdefault

Hands-On With the New M4 OLED iPad Pro

Wednesday May 15, 2024 10:40 am PDT by
Today is the official launch day of the new iPad Pro models, and these updated tablets mark the biggest feature and design refresh that we've seen for the iPad Pro in several years. We picked up one of the new 13-inch models to check out everything new. Subscribe to the MacRumors YouTube channel for more videos. When it comes to design, Apple is still offering 11-inch and 13-inch size options ...