iPhone users: Remove Visa as a transport card on your Apple Pay.
That’s the latest advice from researchers and experts, who have said they have uncovered a flaw that would allow hackers to bypass security and make unlimited contactless payments.
Researchers worked to exploit the ‘Express Travel’ mode when using Visa cards, and said they could take money from a locked iPhone. It means that the flaw could potentially be exploited to make transactions from an iPhone inside someone’s pocket or bag without them knowing.
The flaw could only be found on Apple Pay when a Visa card in particular was set up as an Express Travel Card, or in Express Transit mode. This mode allows iPhone users to tap in and out of public transport without needing to fully unlock their phone with face recognition ID, fingerprints, or passcodes.
While they’re advising people to deactivate Visa cards from Transport Mode, the researchers have insisted that there is no need for all Apple Pay users to view it as a danger.
The flaw was found using simple radio equipment. With the right electronic setup, they could trick an iPhone into thinking it was communicating with a travel gate, when in reality it was a payment reader.
The team who discovered the flaw are from the University of Birmingham and the University of Surrey. They have alerted Apple and Visa of the problem.