UK academics have uncovered mobile security issues in Visa and Apple payment mechanisms that could result in fraudulent contactless payments.
On Thursday, academics from the UK’s University of Birmingham and University of Surrey revealed the technique, in which attackers could bypass an Apple iPhone’s lock screen to access payment services and make contactless transactions.
A paper on the research, “Practical EMV Relay Protection,” (.PDF) is due to be published at the 2022 IEEE Symposium on Security and Privacy, and has been authored by Andreea-Ina Radu, Tom Chothia, Christopher J.P. Newton, Ioana Boureanu, and Liqun Chen.
According to the paper, the ‘vulnerability’ occurs when Visa cards are set up in Express Transit mode in an iPhone’s wallet feature. Express mode has been designed with commuters in mind, when they may want to quickly tap and pay at a turnstile to access rail, for example, rather than hold up a line due to the need to go through further
Read the article