Exposing the flaw in tap to pay
AI Summary
This video from Veritasium, featuring MKBHD, demonstrates a sophisticated hack that allows money to be stolen from a locked iPhone using its 'Tap to Pay' feature. Developed by cybersecurity experts Professors Ioana Boureanu and Tom Chothia, the hack exploits a loophole specific to iPhones with a Visa card enabled for Express Transit Mode.
The process is a 'man-in-the-middle' attack in which a series of devices intercept and modify transaction data between the phone and a card reader. The hack bypasses the phone's lock screen by mimicking a transit terminal, tricks the phone into classifying a high-value transaction (e.g., $10,000) as low-value, and then fools the card reader into believing customer verification has occurred. This is possible because critical transaction information is sent unencrypted. Mastercard uses an additional asymmetric cryptographic layer that would prevent this, but Visa does not require it when the reader is online.
The hack was first made public in 2021, yet remains unpatched. Apple attributes the vulnerability to the Visa system, while Visa acknowledges the issue but deems it unlikely in real-world, scaled settings, citing its zero-liability policy for cardholders. Derek Muller, the presenter, critiques Visa's stance, arguing that merely refunding money after the fact is insufficient for a system impacting so many people, and advocates for technical changes to prevent the fraud entirely.