Researchers find Apple Pay, Visa contactless hack

Large unauthorised contactless payments can be made on locked iPhones by exploiting how an Apple Pay feature designed to help commuters pay quickly at ticket barriers works with Visa.In a video, researchers demonstrated making a contactless Visa payment of £1,000 from a locked iPhone. The problem, researchers say, applies to Visa cards set up in 'Express Transit' mode in an iPhone's wallet. Meanwhile the iPhone's communications with the payment terminal are modified to fool it into thinking the iPhone has been unlocked and a payment authorised - allowing high value transactions to be made without entering a PIN, fingerprint or using Face ID.In a demonstration video seen by the BBC, researchers were able to make a Visa payment of £1,000 without unlocking the phone or authorising the payment. The researchers say they first approached Apple and Visa with their concerns almost a year ago - there have been "Useful" conversations, but the problem has not been fixed. "In the unlikely event that an unauthorised payment does occur, Visa has made it clear that their cardholders are protected by Visa's zero liability policy".

Read the full story

 Related companies

Make a complaint about Apple by viewing their customer service contacts.

•