The myth that an iPhone cannot be hacked by scammers has fallen. It turns out that a group of researchers from the University of Birmingham and the University of Surrey have figured out how to get into the Apple Pay system with any iPhone and in this way they can defraud payments that users do not make
For this, it is necessary to fulfill some requirements, such as configuring the Visa card in Express Transit mode, as this allows you to evade the lock screen and make fraudulent payments.
Why only with Express Transit?
Experts have found that this bug allows you to “bypass” the lock screen and make contactless payments without the passcode. This will specifically affect Visa cards stored in Wallet and result in a unique code being sent that allows you to pay using your cell phone without unlocking it.
Through a demonstration video, the investigation authors used an iPhone with the screen locked and Quick Transfer mode enabled, with Visa in the Apple Pay Wallet. There you can see how the iPhone 7 is hacked without the user knowing it, these researchers claim that it can even be done on the iPhone 12.
Researchers have found that they can use simple radio equipment to trick the iPhone into thinking it is communicating with a wireless payment system, thus activating Express Transit mode.
The fact is that the signal arrives on the Android phone, which acts as a contactless payment terminal. By modifying the code passed from the iPhone, experts were able to make the contactless terminal believe that the iPhone user accepted the payment. In just under 25 seconds, the investigators managed to steal more than a thousand euros, about 24 thousand pesos.