
Video shows how to steal $10,000 from locked iPhone in controlled setting

Why This Matters

This discovery highlights a persistent security vulnerability in iPhones related to NFC payment systems, which could potentially be exploited to steal significant amounts of money. While the risk remains low in real-world scenarios, it underscores the importance of continuous security updates and vigilance for both consumers and tech companies. Addressing such niche loopholes is crucial to maintaining trust and security in mobile payment ecosystems.

Key Takeaways

A new video from the Veritasium YouTube channel shows how a niche loophole could allow someone to steal $10,000 from a locked iPhone—though you probably don’t need to worry.

Veritasium video highlights niche security vulnerability first exposed in 2021

Apple ships new security updates for the iPhone all the time, and documents them publicly.

But a new video from Veritasium shows how a very specific vulnerability has been around since 2021, and remains unaddressed to this day.

Professors Ioana Boureanu and Tom Chothia discovered that a locked iPhone can be tricked into making an NFC payment. All it takes is a few unique hacks.

The method involves tricking an iPhone into thinking that a payment terminal is actually a mass transit terminal that’s using Apple’s ‘Express Transit’ feature. The video explains how the method then overcomes a couple of other Apple safeguards to extract $10,000 from the iPhone.

You can watch the full video below for more details:

The vulnerability only works when a Visa card is set up as the iPhone’s ‘Express Transit’ option in Settings. It doesn’t apply to Mastercard or other vendors.

Apple told Veritasium that the issue stems from a concern on Visa’s end.

Visa, meanwhile, said that its cardholders are protected by a zero liability promise that would cover any potential loss if the vulnerability was successfully exploited. However, it called the vulnerability “very unlikely” in real-world settings, despite it being possible within a highly controlled setup.
