Researchers discover bypass ‘bug’ in iPhone Apple Pay, Visa to make contactless payments

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

UK academics have uncovered mobile security issues in Visa and Apple payment mechanisms that could result in fraudulent contactless payments.

On Thursday, academics from the UK’s University of Birmingham and University of Surrey revealed the technique, in which attackers could bypass an Apple iPhone’s lock screen to access payment services and make contactless transactions. 

A paper on the research, “Practical EMV Relay Protection,” (.PDF) is due to be published at the 2022 IEEE Symposium on Security and Privacy, and has been authored by Andreea-Ina Radu, Tom Chothia, Christopher J.P. Newton, Ioana Boureanu, and Liqun Chen.

According to the paper, the ‘vulnerability’ occurs when Visa cards are set up in Express Transit mode in an iPhone’s wallet feature. Express mode has been designed with commuters in mind, when they may want to quickly tap and pay at a turnstile to access rail, for example, rather than hold up a line due to the need to go through further

Read the article