Here's How Researchers Stole $10,000 From MKBHD's Locked iPhone

4 min read Original article ↗

An iPhone exploit that involves a linked Visa card can allow attackers to steal money from a locked device using NFC, but the process is complex, requiring physical access and specialized hardware. The exploit was highlighted by popular YouTube channel Veritasium, and it involves tricking an iPhone into thinking it's making a payment at a mass transit terminal, a process that can be completed from a locked iPhone.

Cybersecurity researchers from the University of Surrey and the University of Birmingham developed the attack to bypass an iPhone's locked status and steal funds from a mobile wallet. The exploit was first publicized in 2021, and it bypasses traditional limits on transaction size. Veritasium demonstrated the attack by collecting $10,000 from YouTuber Marques Brownlee's locked iPhone.

The attack works using an NFC card reader that intercepts the communication between an iPhone and a tap-to-pay terminal when a payment is made. The card reader is connected to a laptop that collects payment data and sends it to a separate burner phone, which is then tapped on a legitimate card reader. The NFC device has to be tuned to the same transit terminal identifier as a legitimate transit reader.

The process requires the victim to have Express Transit Mode enabled for payments, and a Visa card linked for those payments, among other steps. As it turns out, it's a Visa-related security loophole rather than an iPhone issue, and it doesn't work with a Mastercard or an American Express card because other cards use different security methods. It also doesn't work with Samsung Pay on Samsung devices, and it requires the specific combination of a Visa card and an iPhone. Apple told Veritasium that it's an issue with the Visa system, but something unlikely to occur in the real world.

This is a concern with the Visa system, but Visa does not believe this kind of fraud is likely to take place in the real world. Visa has made it clear that their cardholders are protected by Visa's zero liability policy.

Visa also told Veritasium that the exploit was very unlikely from a scaled real world setting, and any such transactions can be disputed. The researchers who shared the exploit said users can protect themselves by not using a Visa card on the iPhone for transit purposes.

Popular Stories

American Express Announces New Apple Pay Feature

American Express today announced that you can now redeem Membership Rewards points when checking out with Apple Pay on the web and in apps on the iPhone and iPad. When checking out with Apple Pay on iOS 18 or iPadOS 18 or later, tap on your eligible American Express card (Platinum, Gold, Green, and others) and select the Membership Rewards points option. You can use points to cover all or...

Apple Acquires Award-Winning App 'Play'

In February, Apple notified the European Commission that it would be acquiring certain assets from and have the right to hire certain employees from Rabbit 3 Times, the company behind the award-winning app design tool Play. The notification was published on the European Commission's website this week, following a four-month waiting period. Play was a Mac and iPhone app that allowed designers ...

Report: Apple Watch Redesign Coming Next Year With New Band System

A "major overhaul" of the Apple Watch's design is due to arrive next year with a new system for connecting bands, according to a known Weibo leaker. In a set of recent posts, the leaker known as "Instant Digital" linked the new claim to older rumors about an "Apple Watch X" model, which was said to introduce a fresh design and break compatibility with the existing watch band system. Citing...