Researchers Expose Tap-to-Pay Flaw Allowing Theft from Locked iPhones

4 articles · Updated · MacRumors · Apr 15

Researchers demonstrated how $10,000 could be stolen from a locked iPhone using a complex NFC exploit involving a Visa card and Express Transit mode.
The attack requires physical access, specialized hardware, and only works with Visa cards set for transit payments—not with Mastercard, Amex, or Android devices.
Apple and Visa say real-world risk is low, and Visa's zero liability policy protects cardholders; users can avoid risk by not using Visa for transit payments.

Who is liable for the NFC hack: Apple's software or Visa's outdated security protocol?

Why haven't Apple and Visa fixed a major payment flaw known for five years?

Could this high-tech pickpocketing scheme become a widespread threat to commuters?

Is the convenience of Express Transit worth the risk of a drained bank account?

Can 'zero liability' policies survive in an era of commercialized global cybercrime?