Apple Pay: Thieves can steal any amount of money - without identification
As an Apple customer, you are actually used to high security standards. But things cannot always run smoothly, as the example of Apple Pay shows. Criminals can outsmart Apple's contactless payment system, and experts have discovered a security gap. In theory, unlimited amounts can easily be tapped from this.
Apple Pay with Visa Card: Experts Bypass Identification
Security researchers from the Universities of Birmingham and Surrey in England have found that a security problem arises when Apple Pay and Visa cards interact (source: BBC). The reason for this is the "Express Public Transport" function of Apple Pay. Actually, it should make it possible to make small payments, for example at ticket terminals when traveling by bus or train, without unlocking the iPhone. Unlocking by code, fingerprint or Face ID is otherwise used for authentication.
Express public transport is already technically possible for the popular Apple Watches. But: There are practically no corresponding ticket terminals in Germany. In the UK and Japan, for example, they are commonplace (source: Apple). All the more annoying for German customers that the technology can be misused.
Because the experts were able to fool Apple devices into a ticket counter using an NFC-enabled device, connected to an Android smartphone and another device for debiting . Apart from the first NFC-enabled device, nothing and nobody has to be near the iPhone. That alone would be bitter for Apple customers.
The much bigger problem: You could also bypass the small amount limit. In the test, it was possible to debit 1,000 British pounds - currently around 1,160 euros - at once without the iPhone owner having to identify himself. In an emergency, there would also be no notification of the debit. Those affected have practically no chance of noticing the theft before it is too late.
At least you are safe from theft with contactless payment when shopping online - and you can also save money, as you can see in the video :
Apple Pay security vulnerability persists
According to the researchers, both Apple and Visa were informed of the existing problem, first in October 2020. Since then, nothing has happened and the loophole remains. For Apple, the problem lies with Visa, Visa considers its own security mechanisms to be sufficient. The security gap is technically too complex to be exploited in everyday life. There is currently no evidence that this has already occurred.
Comments
Post a Comment