Researchers at the University of Birmingham and University of Surrey say they have uncovered a vulnerability in the Apple Pay-Visa setup that could allow hackers to bypass iPhone’s Apple Pay lock screen, perform contactless payments and get around any established transaction limits.
The vulnerabilities were detected in iPhone wallets where Visa cards were set up in “express transit mode,” the researchers say. The transit mode feature, launched in May 2019, enables commuters to make contactless mobile payments without fingerprint authentication.