British researchers discovered a vulnerability in Apple Pay that allowed hackers to make contactless payments without the user’s permission. The researchers, from the University of Birmingham and the University of Surrey, published a paper describing a method by which this weakness could be exploited. With this method, hackers can even bypass the iPhone lock screen.
The Express Transit Feature Is the Main Problem
According to the paper, the Express Transit feature on the iPhone is at the heart of the problem. This feature was first introduced in iOS 12.3. With the Express Transit feature, users can quickly make transactions via an e-wallet without authenticating with Face ID, Touch ID, or a passcode. A feature intended for user convenience has instead become the key to the exploit.
The researchers explain that the ticket reader sends a non-standard sequence of bytes capable of bypassing the iPhone lock screen. They refer to it as a “magic byte” in the research paper. This is what allows Express Transit and similar features on other devices to work. Apple Pay then checks that all payment terms are met. If so, Apple Pay processes the payment.
In the case the researchers found, Apple Pay could be tricked into processing contactless payments. The researchers created fake ticket readers, and Apple Pay could then be made to make fake payments of any amount through their locked iPhones. Unfortunately, so far neither Apple nor Visa has done anything to solve this problem. Apple said the best solution would be for Visa to implement additional fraud detection checks, explicitly checking the Issuer Application Data and Merchant Category Code.
Meanwhile, Visa observes that the issue only applies to Apple Pay and suggested that Apple fix it. However, reports indicate that neither side has implemented any fixes, so the vulnerability affecting Apple Pay with Visa remains open.
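The issuer-side check on Issuer Application Data and Merchant Category Code mentioned above could look like the following sketch. It is an added example, not code from the paper, Apple or Visa. The record fields, the `cdcvm_performed` flag (assumed to be decoded from the IAD by the issuer's own parser), the transit MCC list and the fare ceiling are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: MCCs this issuer treats as transit; the issuer's own list is authoritative.
TRANSIT_MCCS = {"4111", "4112", "4131", "4784"}
# Assumption: hypothetical ceiling (minor units) for a fare paid without user verification.
UNVERIFIED_FARE_CEILING = 5000


@dataclass
class AuthRequest:
    txn_id: str
    mcc: str                # Merchant Category Code reported for the terminal
    cdcvm_performed: bool   # hypothetical flag decoded from Issuer Application Data
    amount_minor: int       # amount in minor currency units


def evaluate(req: AuthRequest) -> tuple[str, str]:
    """Return (decision, reason) for one authorization request."""
    if req.cdcvm_performed:
        # The device reports that the user authenticated; other fraud rules still apply.
        return "approve", "user verified on device"
    if req.mcc not in TRANSIT_MCCS:
        # Express Transit is the only path that skips verification, so an
        # unverified payment at a non-transit merchant is inconsistent.
        return "decline", "no user verification outside transit MCC"
    if req.amount_minor > UNVERIFIED_FARE_CEILING:
        return "review", "unverified transit payment above fare ceiling"
    return "approve", "express transit fare"


def screen(requests: list[AuthRequest]) -> dict[str, str]:
    """Map each transaction id to its decision."""
    return {r.txn_id: evaluate(r)[0] for r in requests}


# Constructed sample authorization requests (not real data).
SAMPLE = [
    AuthRequest("t1", "4111", False, 290),      # ordinary fare from a locked phone
    AuthRequest("t2", "5411", False, 100000),   # unverified, non-transit merchant
    AuthRequest("t3", "5411", True, 100000),    # user authenticated on device
    AuthRequest("t4", "4111", False, 100000),   # transit MCC but implausible amount
]

if __name__ == "__main__":
    for txn_id, decision in screen(SAMPLE).items():
        print(txn_id, decision)
```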