Recently, a team of researchers in the UK has discovered that there are some security or privacy issues found related to the Apple Pay and Visa cards that may eventually help attackers to easily bypass the lock screen of the device & make fraudulent payments using them without permissions of users. As per the research document, the bug or flaw appears when the Visa cards are set to Apple’s Express Transit mode on an iPhone device.
This flaw could potentially allow hackers or attackers to bypass the screen lock of an iPhone device and make contactless payments without using a passcode or pin. Apple’s Express Transit mode basically allows iPhone or Apple Pay users to make transactions using credit/debit cards or even using transit cards without unlocking their device. The researchers have mentioned that the possible security vulnerability only those Visa cards which are saved in the Wallet.
It’s happening due to the unique code broadcast by transit gates or transit turnstiles that signal an iPhone to unlock Apple Pay. Using the common radio equipment, the researchers have performed an attack that bypassed the lock screen of an iPhone assuming that it’s a transit gate. However, researchers indicate that the attack may not appear on a wide scale. Meanwhile, if even an attacker or a hacker is able to bypass the lock screen and try fraudulent payments from someone’s Apple Pay or Visa Card, these days baking or financial institutes have multiple authorization techniques to by detecting suspicious transactions.
Mostly if there is a big amount to transact, bank authorities may call the account holder to verify the transaction in some countries which is an additional layer of security. For those who don’t know, this research has been done by the University of Birmingham and the University of Surrey in the U.K. It’s also noted that the researchers alerted Apple back in October 2020 and May 2021 about this bug or flaw.
As per Visa’s statement to ZDNet, this kind of attack or bug is quite common these days and there is nothing major for the users to worry about it. However, we’ll recommend to our readers those who’re using Apple Pay to change the device passcode to a new one and try avoiding contactless payments which will drastically reduce the chances of getting a victim.
Meanwhile, Visa has also mentioned that contactless fraud schemes and attacks have been studied in the laboratory for more than a decade now and they’re continuously trying to improve payment security or privacy factors across the ecosystem for everyone on every possible platform.