We already know that Apple Pay fundamentally gets along with Visa, MasterCard, and American Express. But it seems that one of them is having some other problem. Specifically with Visa. A team of researchers in the UK has discovered security problems related to cards Visa and Apple Pay that could cause attackers to bypass the lock screen and make fraudulent payments.
According to the investigation, carried out by those British investigators (Andreea-Ina Radu, Tom Chothia, Christopher JP Newton, Ioana Boureanu and Liqun Chen.), The failure occurs when Visa cards are configured in Apple’s Express Transit mode (Quickly pay for transportation rides using a credit, debit, or transit card without unlocking your device.) This bug could allow attackers to bypass the terminal’s lock screen and make contactless payments without the passcode. Researchers say the vulnerability only affects Visa cards stored in Wallet. It is caused by a unique code transmitted by the doors through which we must pass to catch the transport.
The researchers got down to business and tested their theory. By using common radio equipment, they were able to carry out an attack and fooled the terminal into thinking it was at a transit gate. The proof-of-concept attack involved an iPhone. However, a similar attack it could affect any device with Apple Pay.
However. This vulnerability is not practical in the real world. Assuming an attacker targeted me and my terminal, they wouldn’t be able to spend a lot of money with this tactic. Since it is designed for express payments in transit and not for payments in commerce where the security measures are greater and other actions are needed by the user.
Nevertheless it’s always okay for vulnerabilities to be discovered to be able to improve and be stronger.