A new Apple Pay vulnerability has been found by experts in the University of Birmingham’s School of Computer Science and the University of Surrey’s Department of Computer Science.
The vulnerability in Apple Pay and Visa could enable hackers to bypass an iPhone’s Apple Pay lock screen and perform contactless payments reports Birmingham University.
The researchers discovered the vulnerability occurs when Visa cards are set up in ‘Express Transit mode’ in an iPhone’s wallet.
Transit mode is a feature on many smartphones that enables commuters to make a swift contactless mobile payment at, for example, an underground station turnstile, without fingerprint authentication.
The weakness lies in the ApplePay and Visa systems working together and does not affect other combinations, such as Mastercard in iPhones, or Visa on Samsung Pay.
According to the Birmingham University website, Dr. Andreea Radu, who co-authored the research that uncovered the vulnerability said; ““Our discussions with Apple and Visa revealed that when two industry parties each have partial blame, neither are willing to accept responsibility and implement a fix, leaving users vulnerable indefinitely.”
Tell us your thoughts in the Facebook post and share this with your friends.