31/12/2022 / turkeywilliams

Cybercriminals could make contactless payments without unlocking smartphones, according to a study by researchers from the University of Birmingham and Surrey.These "pirates" could indeed bypass the Apple Pay locking screen of an iPhone, as soon as the device portfolio has a visa card configured in "transit" mode.Thus, they would have the total freedom to make fraudulent purchases.These attackers could, at the same time, bypass contactless and perform unlimited transactions, even with a locked iPhone.

The user of a smartphone, to make a payment via an application, must for example scan their fingerprint or face ID, or enter their PIN code to authenticate the transaction, which reduces the risk of attacks.To "facilitate payment at the transport ticket stations", Apple has set up the express transit/travel functionality, allowing Apple Pay without unlocking the phone in 2019.

"We show that this feature can be used to bypass the Apple Pay locking screen, and pay illegally from an iPhone locked, using a Visa card, to any EMV player, for N 'No matter what amount, without the authorization of the user "explain the researchers in a research article.

"The attack works"

Des pirates pourraient effectuer des paiements sans contact malgré le verrouillage de l'IPhone

To make this hacking, the iPhone must have a visa card configured for payment with the activated travel mode mode.The victim should not be far away, even if his phone is in his luggage."The attack works by first replaying the Magic bytes to the iPhone, so that it believes that the transaction takes place with an EMV transport reader.Then, during the transmission of EMV messages, the terminal transaction qualifiers (TTQ), sent by the EMV terminal, must be modified so that the bits for the authentication of offline data (ODA), online authorizationsand EMV mode are activated "detail the researchers.

The limit of contactless payment could also be diverted, because to a modification of the Card Transaction Qualifiers (CTQ)."This makes it possible to deceive the EMV reader by making him believe that user authentication on the device has been carried out (for example, by fingerprint).The CTQ value appears in two messages sent by the iPhone and must be modified in the two occurrences ".Thus, during their test, the researchers were able to carry out a transaction of 1,000 pounds, or about 1,180 euros.

Tags:
  • How to lock the screen on iPhone 11