If you have graduated to using your mobile phone for making payments, it may not be as secure as you have been told.
Last week, YourLifeChoices reported how contactless mobile payments had surged in recent years and were expected to make up half of all payments by 2025, but this latest research may provide pause for thought.
According to research from the universities of Birmingham and Surrey, vulnerabilities in Apple Pay and Visa could enable hackers to bypass an iPhone’s Apple Pay lock screen and perform contactless payments.
The results, which will be presented at an upcoming security and privacy symposium, found that experts could use an approach to bypass the contactless limit, allowing transactions of any amount to be performed.
The vulnerability occurs when Visa cards are set up in ‘Express Transit mode’ in an iPhone’s wallet.
The Express Transit mode is a feature on many smartphones that enables users to make a swift contactless mobile payment without fingerprint authentication.
The weakness lies in the Apple Pay and Visa systems working together and does not affect other combinations, such as Mastercard in iPhones, or Visa on Samsung Pay.
The researchers found that they were able to use a code to interfere with signals going between an iPhone and a shop card reader and were then able to trick the iPhone into thinking it was talking to an ‘Express Transit’ point when it was actually talking to a shop reader.
The method also persuades the shop reader that the iPhone has successfully completed its user authorisation, so payments of any amount can be taken without the iPhone user’s knowledge, explained Dr Andreea Radu.
“Our work shows a clear example of a feature, meant to incrementally make life easier, backfiring and negatively impacting security, with potentially serious financial consequences for users,” Dr Radu said.
“Our discussions with Apple and Visa revealed that when two industry parties each have partial blame, neither are willing to accept responsibility and implement a fix, leaving users vulnerable indefinitely.”
In other big technology news, many Facebook and WhatsApp users would have woken to these sites disappearing from the internet on Tuesday morning.
The outage also affected Instagram after Facebook appeared to push out an update that broke access to their servers.
“We’re aware that some people are having trouble accessing our apps and products. We’re working to get things back to normal as quickly as possible, and we apologize (sic) for any inconvenience,” Facebook sent out in a message on rival social media platform Twitter.
As of midday Tuesday, all the Facebook-related services appeared to be back up and running as normal.
Were you affected by the Facebook outage? Do you use your phone to make contactless payments? Are you concerned about the security issue? Why not share your thoughts in the comments section below?
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.