Can you steal $10k from a locked iPhone? [video]
youtube.comThis really bothered me. They absolutely bury the lede that you need a Visa card selected as your Express Transit card. The whole thing is cool, from a hacking perspective, but also feels like they’re being dishonest to make an outrageous video.
You expect me to believe MKBHD keeps a Visa card with $10,000 ready to go as his Express Transit card? I mean, sure, maybe, he is doing extremely well. But he also seems like the kind of informed tech guy that would put two and two together, i.e. “I pay for things so often using my phone I can’t be bothered to authenticate with Face ID, I’ll just put my phone in my pocket and hope no hacker comes by and holds a reader near my phone.”
/rant
> You expect me to believe MKBHD keeps a Visa card with $10,000 ready to go as his Express Transit card?
Why wouldn't he? $10k is not a particularly high credit limit in the US, all things considered, and roughly every other card is a Visa card.
Sure, commuter benefit cards probably have a much lower limit, but not everyone has these. Tourists use express transit too; Apple explicitly nudges you to set it up when you arrive in some cities/countries! So I'd bet you can find more than one person with a >$10k limit and express transit enabled per NY subway train on average.
And since the attack works for lower values too, actual attackers would probably just pick a lower value that will sail through the victim's bank's fraud prevention system, but can still cause a lot of headaches for everyone involved.
so turn transit mode off?
No, just make sure your transit card is not a Visa.