Exposing the flaw in tap to pay

Veritasium | 4/15/2026 | 4,819,187 views
Analyzed: 4/20/2026

AI Summary

This video from Veritasium, featuring MKBHD, demonstrates a sophisticated hack that allows money to be stolen from a locked iPhone using its 'Tap to Pay' feature. Developed by cybersecurity experts Professors Ioana Boureanu and Tom Chothia, the hack exploits a loophole specific to iPhones with a Visa card enabled for Express Transit Mode.

The process involves a 'man-in-the-middle' attack in which a series of devices intercept and modify transaction data between the phone and a card reader. The hack bypasses the phone's lock screen by mimicking a transit terminal, tricks the phone into classifying a high-value transaction (e.g., $10,000) as low-value, and then fools the card reader into believing customer verification has occurred. This is possible because critical transaction information is sent unencrypted. Mastercard uses an additional asymmetric cryptographic layer that would prevent this, but Visa does not require it when the reader is online.

The hack was first made public in 2021, yet remains unpatched. Apple attributes the vulnerability to the Visa system, while Visa acknowledges the issue but deems it unlikely in real-world, scaled settings, citing its zero-liability policy for cardholders. Derek Muller, the presenter, critiques Visa's stance, arguing that merely refunding money after the fact is insufficient for a system that affects so many people, and advocates technical changes that would prevent the fraud entirely.
