This means the iPhone doesn’t need to be unlocked, nor will owners need to verify their identity with a PIN, Face ID or Touch ID biometric check, to allow transactions to take place. According to the reachers, they were able to mimic the signals from a TfL ticket barrier to charge £1,000 from an iPhone without the owner ever knowing.
It appears the glitch only affects Visa cards on iPhone, and not other card providers, such as Mastercard or American Express. Google and Samsung Pay also appear unaffected by the glitch.
Although it sounds hugely concerning, Visa and Apple have both said that an actual attack is unlikely with Visa saying it was “impractical”
In a statement, Visa said: “Variations of contactless fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world”.
Credit: Source link