Overview
- Veritasium, which published its test Wednesday, siphoned $10,000 from Marques Brownlee’s locked iPhone in a controlled demo.
- The method spoofs a transit gate to trigger Express Transit on iPhone, then relays data through a laptop and a phone acting as a card to complete a large tap‑to‑pay charge.
- The setup needs the phone in hand and custom hardware tuned to a transit terminal ID, so the attack is complex and not a drive‑by tap.
- The flaw only applies when a Visa card is set as the iPhone’s Express Transit card, and it does not work with Mastercard, American Express, Google Wallet, or Samsung Pay.
- Apple attributes the weakness to Visa’s transit processing, Visa calls real‑world exploitation very unlikely and says its zero‑liability policy would reimburse victims, and researchers advise removing Visa from Express Transit or disabling the feature.