Blog

Hackers Find Security Vulnerability With Apple Pay

Oct 14, 2021 | Blog

Do you have an iPhone? Do you make use of the Apple Pay service? If so there is a security issue you need to be aware of. Researchers have discovered a means by which fraudulent payments can be made from a locked iPhone.

Two conditions must be true for the flaw to be exploited. The user must have a Visa card in their digital wallet and they must have express mode enabled.

Essentially the flaw amounts to digital pick-pocketing. It can be performed even if the owner of the phone has it tucked away in a bag or pocket. Even worse is the fact that there is no transaction limit.

This issue was apparently created when the company attempted to solve a separate issue. Apple users had been complaining that Apple Pay was sometimes cumbersome to use because it required the user to unlock the phone with a password, Touch ID, or Face ID.

In order to improve the overall user experience the company added an Express Mode to the service allowing transactions to be completed without the phone being unlocked.

When users enable this option in Apple Pay they get a notification that reads as follows:

The card you select will work automatically without requiring your Touch ID or your passcode. Just hold iPhone near a supported transit reader.”

The researchers were able to emulate a ticket-barrier transaction of the kind you’d find in a mass transit station by using a Proxmark device which acted as a card reader. This device communicated with the target iPhone with an NFC chip that communicated with a payment terminal.

It’s easy enough to see how this story ends. Although not yet ubiquitous attacks like this are already being seen in the wilds and they will only increase in popularity over time.

As of now there is no fix for this issue. Visa and Apple insist that it’s a problem the other company needs to take charge of fixing. The best thing you can do to avoid the issue is to steer clear of Express Mode.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech