• *Apple Pay Bug: Hackers to Bypass Lock Screen and Spend your Money*

    From August Abolins@2:460/256 to All on Fri Oct 1 04:25:15 2021
    Hi All,
    ...Greets from my Telegram app!

    *Apple Pay Bug: Hackers to Bypass Lock Screen and Spend your Money*

    Researchers in the UK claim they've discovered security lapses with Visa cards and Apple Pay that may result in bad actors bypassing the lock screen and making fraudulent payments.

    According to the findings, the fault happens when the cards are set up in Apple's Express Transit mode on iPhone.

    The researchers say the fault in the coding is only affecting those with Visa cards stored in the iPhone Wallet. Visa says it's nothing to worry about... (ZDNet).

    Ciao!
    /|ug (https://t.me/aabolins)

    ... Searchable Help for OXP https://openxp.kolico.ca
    --- Want fido for iOS/MacOS/Android/Win/Linux? Info=https://shrtco.de/tpJ9yV
    * Origin: Fido by Telegram BBS from Stas Mishchenkov (2:460/256)
  • From Erich B.@1:153/757.2 to August Abolins on Thu Sep 30 18:39:29 2021

    Hi All,
    ...Greets from my Telegram app!

    *Apple Pay Bug: Hackers to Bypass Lock Screen and Spend your Money*

    Researchers in the UK claim they've discovered security lapses with Visa cards and Apple Pay that may result in bad actors bypassing the lock screen and making fraudulent payments.

    According to the findings, the fault happens when the cards are set up in Apple's Express Transit mode on iPhone.

    The researchers say the fault in the coding is only affecting those with Visa cards stored in the iPhone Wallet. Visa says it's nothing to worry about... (ZDNet).

    Ciao!
    /|ug (https://t.me/aabolins)

    ... Searchable Help for OXP https://openxp.kolico.ca
    --- Want fido for iOS/MacOS/Android/Win/Linux? Info=https://shrtco.de/tpJ9yV
    * Origin: Fido by Telegram BBS from Stas Mishchenkov (2:460/256)


    Interesting story.

    $ The Millionaire $
    (Co-SysOp Of The Rusty Mailbox)
    --- SBBSecho 3.14-Linux
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)
  • From Jay Harris@1:229/664 to August Abolins on Thu Sep 30 21:58:01 2021
    On 01 Oct 2021, August Abolins said the following...

    Researchers in the UK claim they've discovered security lapses with Visa cards and Apple Pay

    According to the findings, the fault happens when the cards are set up in Apple's Express Transit mode on iPhone.

    Looks like the only Canadians that have to worry about this live in Vancouver as that's the only place in Canada that supports transit cards.

    https://support.apple.com/en-ca/HT207958


    Jay

    ... Extreme sorrow laughs; extreme joy weeps.

    --- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From August Abolins@2:221/1.58 to Jay Harris on Thu Sep 30 22:55:00 2021
    Hello Jay Harris!

    ** On Thursday 30.09.21 - 21:58, Jay Harris wrote to August Abolins:

    According to the findings, the fault happens when the
    cards are set up in Apple's Express Transit mode on
    iPhone.

    Looks like the only Canadians that have to worry about
    this live in Vancouver as that's the only place in Canada
    that supports transit cards.

    https://support.apple.com/en-ca/HT207958

    Ah.. So, this problem only pertained to "transit" payments and
    that transit users were able to get free rides?

    I thought the issue was "may result in bad actors bypassing the
    lock screen and making fraudulent payments". In otherwords..
    someone ELSE could use the transit feature on a locked iPhone
    or something.

    --
    ../|ug

    --- OpenXP 5.0.50
    * Origin: Get MOBILE on your mobile! http://shorturl.at/cfsJ0 (2:221/1.58)
  • From Jay Harris@1:229/664 to August Abolins on Fri Oct 1 09:24:59 2021
    On 30 Sep 2021, August Abolins said the following...

    Ah.. So, this problem only pertained to "transit" payments and
    that transit users were able to get free rides?

    Yup, the user would have to enable the feature:

    "Express Transit is an Apple Pay feature that enables commuters to make quick contactless payments without unlocking their phone."


    Here's how an attack would work:

    "A small commercially available piece of radio equipment is placed near the iPhone, which tricks it into believing it is dealing with a ticket barrier.

    At the same time, an Android phone running an application developed by the researchers is used to relay signals from the iPhone to a contactless payment terminal. Because the iPhone thinks it is paying a ticket barrier, it doesn't need to be unlocked."


    So it sounds like an attacker would need close proximity to an iPhone for this to work, though if the attack was setup in a busy area (like a transit station) they could walk away with a pretty penny:

    "In a demonstration video seen by BBC News, security researchers have shown how they were able to make a Visa payment of 1,000 British Pounds using Apple Pay without unlocking the iPhone or authorizing the payment."


    Jay

    ... It was completely quiet in the stadium - but noisy.

    --- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From August Abolins@1:153/757.2 to Jay Harris on Fri Oct 1 09:01:33 2021
    "Express Transit is an Apple Pay feature that enables commuters to make quick contactless payments without unlocking their phone."


    Here's how an attack would work:

    [...]

    I'd fire the engineer/project-manager who decided that by-passing a lock state was a good idea!

    Remember the uPnP thing?

    I think that my Blackberry can be activated even when it is shut down. That feature is designed to ring my phone in case I should need to find it. That's triggered via a website that sends a magic signal and rings the phone! Even that could be exploited.
    --- SBBSecho 3.14-Linux
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)