Recently, a viral video showed how a contactless Visa payment can be made with a locked iPhone. The demonstrator made a payment of almost $1000 to show the problem.
Payment methods were very secure; the company behind the technology, Apple, blames the Visa system. Visa, on the other hand, said that such malicious practices were modifications made by external companies. The flaw works with the ‘Express Transit’ mode found in the iPhone’s Wallet. This means all the blame goes to the Silicon Valley tech giant, according to a report by the BBC.
Apple built the ‘Express Transit’ payment method so that its users can make contactless payments without unlocking their iPhones. For example, at a London Underground ticket barrier, you touch in and out, and you’re done.
Researchers have found simple hacks on the Visa systems that allow smart hackers to steal money. The attacks were discovered by the computer science departments of Birmingham and Surrey Universities. The scientists decided to run an experiment to demonstrate how the attack takes place. Here is a short overview of what happens.
Radio equipment is placed near the iPhone. This makes the iPhone behave as if it is at a ticket barrier. At the same time, an Android phone with the same Visa software application sends signals from the nearby iPhone to a contactless terminal. The terminal can be in a shop or at any point the criminals control.
The iPhone doesn’t need to be unlocked. It simply assumes it is sending money to a ticket barrier. The communication between the payment terminal and the iPhone is modified to make the phone think it has been unlocked. This allows it to make large transactions to an unauthorized person. No fingerprint, Face ID, PIN, or password is needed.
The researchers demonstrated the attack to BBC News by withdrawing $1000. The report said that the attack can occur even when the victim’s iPhone is far away from the Android phone. An internet connection is the key. The transaction can even take place from one continent to another. Dr. Ioana Boureanu, a lecturer at the University of Surrey, was the leader of the research team.
What about a stolen iPhone?
There was a need to know whether any external hackers were exploiting the attack, because the demonstration only took place in the lab. Ken Munro, a cyber security researcher in pen testing, talked to the BBC about the matter. He said it was fun working on such research. It has opened their eyes to how we view technology. However, there is a need to fix the issue as quickly as possible.
Even contactless credit card terminals have their weaknesses. But the Visa and iPhone situation is especially risky. There is no need for a ticket barrier. A box of electronics can send signals and transact money at any point. The worst case is a lost iPhone. Yes, it’s always difficult to use a stolen iPhone, but remember the attack can occur without unlocking the device. A stolen phone makes the attack easier.
The Birmingham and Surrey researchers told the BBC that they had already approached Visa and Apple over the matter a year ago. They are amazed because the company has taken immediate action to fill the gap. Visa replied that their cards were secure.
Apple defends itself
On the other hand, Apple told its users to block a lost phone using iCloud. Furthermore, they should alert Visa to block any payments for some time. Steve Jobs’ company said Visa should collaborate to fix the flaw. In practice, it’s unlikely that the attack will occur in the real world. In any case, Visa stressed that their cards are protected by Visa’s zero liability policy.
A researcher at Birmingham University, Dr. Andreea Radu, said anything possible in the lab might occur in the real world. Although the attack is technically complex, smart hackers could carry it out. Dr. Tom Chothia advised iPhone owners to disable their Visa payments.
The same team from the two universities researched MasterCard and Samsung payments but found no flaws. Dr. Ioana promised that the two methods were 100% secure and safe.