Security researchers living in the UK discovered a vulnerability in the Apple Pay system.
Discovered by researchers from the University of Birmingham and the University of Surrey, the vulnerability affects Visa cardholder Apple Pay users.
Discovered by Andreea-Ina Radu, Tom Chothia, Christopher JP Newton, Ioana Boureanu, and Liqun Chen, the vulnerability will be published at the 2022 IEEE Security and Privacy Symposium.
Hackers can bypass the Apple Pay system
Stating that the error only occurs on Visa cards defined to the Apple Pay system, the researchers underlined that they can receive payments without unlocking the device thanks to Apple’s Express Transit mode.
Making a statement on the subject, the researchers said, “Apple Pay sends a unique signal to the iPhone to unlock it. By emulating this signal, Express Transit mod can be exploited. Hackers can get paid without requiring a password by bypassing the iPhone lock screen.” used the phrases.
The researchers, who carried out the attack with devices capable of imitating the RF signal, successfully made the payment even though the iPhone was locked.
Noting that this vulnerability is not very useful in practice, the researchers stated that the security measures created by the banks would largely prevent such attacks.
Contacting Zdnet, Visa said, “This type of attack is unfortunately not new. However, we would like to point out that such attacks are not very common and our customers should not worry.” said.