Apple Pay will pay any amount asked of it, without authorization, when a Visa card is configured for Express Transit mode and the iPhone is held near a hostile contactless reader.
Boffins from the University of Birmingham and the University of Surrey in England have managed to bypass the contactless payment limit on iPhones using Apple Pay with a Visa card when “Express Transit” mode is enabled.
Express Transit mode lets Apple Pay complete a transaction without the iPhone being unlocked or the user authenticating. It is a convenience feature intended to speed passage through public transport ticket gates fitted with contactless EMV (Europay, Mastercard and Visa) readers.
“Our work shows a clear example of a feature, designed to gradually make life easier, backfiring and negatively impacting security, with potentially serious financial consequences for users,” said Dr Andreea-Ina Radu of the School of Computer Science at the University of Birmingham, in a statement on Thursday.
The researchers involved – Andreea-Ina Radu and Tom Chothia at Birmingham and Ioana Boureanu, Christopher JP Newton and Liqun Chen at Surrey – said they reported the flaw to Apple in October 2020 and to Visa in May 2021. The two companies, they said, have been unable to work together towards a fix, each pointing the finger at the other.
“Our discussions with Apple and Visa have shown that when two industry parties are each partially to blame, neither is willing to take responsibility and implement a fix, which leaves users indefinitely vulnerable,” said Radu.
The research, to be presented at the 43rd IEEE Symposium on Security and Privacy in May 2022, relies on a man-in-the-middle replay-and-relay attack against an iPhone whose Visa card is set as the “transit card”. In other words, a rogue terminal spoofs the signalling between the iPhone and the transit payment system in order to open Apple’s digital wallet.
“If the standard ISO 14443-A WakeUp command is preceded by a non-standard byte sequence (the Magic Bytes), Apple Pay will treat this as a transaction with a transit EMV reader,” the researchers explain in their description of the attack.
The Magic Bytes are a sequence broadcast by transit gates and turnstiles to activate Apple Pay. Having captured this sequence with radio equipment, the researchers found they could replay it, with altered data fields, to a suitably configured iPhone. By changing certain fields in the wireless protocol, they can convince a vulnerable iPhone to treat a transaction from a merchant’s contactless card reader as if it came from a transit gate, where no user confirmation is expected.
Further manipulation of the data, setting the flag that indicates a Consumer Device Cardholder Verification Method (CDCVM) was performed, tells the EMV reader in that transaction that on-device user authentication has authorized the amount, allowing payments above the contactless limit without the victim’s knowledge.
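The two manipulations described above, as an added model that is not code from the researchers, Apple or Visa: an attacker’s proxy sits between a locked iPhone and a merchant reader, prefixes the transit preamble towards the phone, and sets the CDCVM flag towards the reader. MAGIC_BYTES, the response layout, the flag value and the contactless limit are constructed placeholders, since the page does not give the real preamble or the exact EMV field that is changed.

```python
"""Model of the Express Transit relay attack. Constructed for illustration;
byte values and field layout are placeholders, not the real protocol."""
from dataclasses import dataclass
from typing import Optional

WUPA = b"\x52"                     # ISO 14443-A WakeUp (WUPA) command byte
MAGIC_BYTES = b"\xca\xfe\xf0\x0d"  # placeholder for the transit-gate preamble (constructed)
CDCVM_PERFORMED = 0x80             # placeholder bit: "consumer device CVM performed" (constructed)
CONTACTLESS_LIMIT = 45             # illustrative no-CVM contactless limit (constructed)


@dataclass
class CardResponse:
    amount: int
    flags: int = 0                 # CVM flags the reader trusts; set on the card side


@dataclass
class IPhone:
    """Apple Pay with a Visa card selected as the Express Transit card."""
    unlocked: bool = False

    def respond(self, preamble: bytes, wakeup: bytes, amount: int) -> Optional[CardResponse]:
        if wakeup != WUPA:
            return None
        if preamble == MAGIC_BYTES:
            # Transit path: the wallet opens without any authentication, so the
            # response carries no "user verified on device" flag.
            return CardResponse(amount)
        if self.unlocked:
            # Normal path: user authenticated on the device, CDCVM performed.
            return CardResponse(amount, flags=CDCVM_PERFORMED)
        return None                # locked phone, no preamble: wallet stays closed


class MerchantReader:
    """EMV reader: amounts over the limit need a cardholder verification."""

    def authorize(self, resp: Optional[CardResponse], amount: int) -> str:
        if resp is None or resp.amount != amount:
            return "no card"
        if amount <= CONTACTLESS_LIMIT or resp.flags & CDCVM_PERFORMED:
            return "approved"
        return "declined: CVM required"


def honest_tap(phone: IPhone, reader: MerchantReader, amount: int) -> str:
    """Direct tap at a merchant reader, which sends a plain WUPA."""
    return reader.authorize(phone.respond(b"", WUPA, amount), amount)


def relayed_tap(phone: IPhone, reader: MerchantReader, amount: int,
                set_cdcvm: bool = True) -> str:
    """Attacker's proxy between a victim iPhone and a merchant reader."""
    # 1. Towards the phone: prefix the magic bytes so Apple Pay treats the
    #    merchant transaction as if it came from a transit gate.
    resp = phone.respond(MAGIC_BYTES, WUPA, amount)
    if resp is None:
        return "no card"
    # 2. Towards the reader: claim on-device verification so an over-limit
    #    amount is approved without a PIN.
    if set_cdcvm:
        resp.flags |= CDCVM_PERFORMED
    return reader.authorize(resp, amount)


if __name__ == "__main__":
    locked = IPhone()
    print("honest tap, locked phone:", honest_tap(locked, MerchantReader(), 1000))
    print("relayed tap, locked phone:", relayed_tap(locked, MerchantReader(), 1000))
    print("relayed, no CDCVM flip:", relayed_tap(locked, MerchantReader(), 1000, set_cdcvm=False))
```

Running it shows why both steps are needed: the preamble alone opens the wallet but an over-limit amount is still declined, and the flag alone does nothing because a locked phone without the preamble never answers.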
The main requirement for this attack is a stolen, powered-on iPhone configured as described with a Visa transit card. The researchers say funds could also be taken from a vulnerable iPhone in a victim’s pocket, provided the attacker’s hardware can be brought close enough to it.
“All an attacker needs is a stolen iPhone that is turned on,” the team wrote. “The transactions could also be relayed from an iPhone in someone’s pocket, without their knowledge. The attacker needs no help from the merchant, and backend fraud-detection checks have not stopped any of our test payments.”
The researchers also developed a separate attack against Visa’s L1 protocol, which is intended as a defence against exactly such relay schemes. Visa-L1, they explain, assumes that an attacker cannot change the UID of a card or phone, and that relaying ISO 14443 messages is impractical because of timing constraints. Both assumptions are wrong, they say.
“The attack is possible because the security of the protocol is based on a random value that is sent only from the card side, which we can manipulate, and there is no randomness from the EMV reader,” the researchers explain.
“The protocol is designed to protect against attackers using unmodified devices, and Visa believes rooting an Android smartphone is a difficult process requiring a high level of technical expertise.”
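The weakness the researchers describe, a timing check whose only randomness comes from the card side, as an added simplified model that is not a reconstruction of Visa-L1’s or L1RP’s actual messages. Latencies, the shared key and the attacker’s fixed nonce are constructed values. When the reader picks the nonce, the relay’s extra hops push the timed response past the timeout; when the card picks it, a modified card emulator chooses the nonce itself, fetches the answer from the real card over the slow relay before the timed exchange starts, and then answers instantly.

```python
"""Why card-side-only randomness defeats a relay timing check.
Constructed model; not the real Visa-L1 message flow."""
import hashlib
import hmac
import os

KEY = b"constructed-shared-card-key"   # constructed key known to card and reader
HONEST_MS = 0.4                        # constructed response time of a genuine card
HOP_MS = 1.5                           # constructed one-way delay added by the relay
TIMEOUT_MS = 2.0                       # reader rejects timed exchanges slower than this


def mac(nonce: bytes) -> bytes:
    return hmac.new(KEY, nonce, hashlib.sha256).digest()


class Card:
    def fresh_nonce(self) -> bytes:
        return os.urandom(8)

    def answer(self, nonce: bytes) -> bytes:
        return mac(nonce)


class DirectLink:
    """Genuine card in the reader's field."""
    def __init__(self, card: Card):
        self.card = card

    def announce_nonce(self) -> bytes:
        return self.card.fresh_nonce()

    def challenge(self, nonce: bytes):
        return self.card.answer(nonce), HONEST_MS


class RelayLink:
    """Rooted phone emulating the card at the reader; real card is far away."""
    def __init__(self, card: Card):
        self.card = card
        self.prefetched = {}

    def announce_nonce(self) -> bytes:
        # Card-chosen nonce: the emulator picks it and fetches the real card's
        # answer over the relay before anything is timed.
        nonce = b"\x00" * 8
        self.prefetched[nonce] = self.card.answer(nonce)
        return nonce

    def challenge(self, nonce: bytes):
        if nonce in self.prefetched:
            return self.prefetched[nonce], HONEST_MS          # answered locally, fast
        return self.card.answer(nonce), 2 * HOP_MS + HONEST_MS  # forwarded, slow


class Reader:
    def fresh_nonce(self) -> bytes:
        return os.urandom(8)

    def verify(self, nonce: bytes, response: bytes, elapsed_ms: float) -> str:
        if not hmac.compare_digest(response, mac(nonce)):
            return "rejected: bad MAC"
        if elapsed_ms > TIMEOUT_MS:
            return "rejected: too slow"
        return "accepted"


def run(protocol: str, relayed: bool) -> str:
    """protocol is 'reader-nonce' (reader supplies randomness) or 'card-nonce'."""
    reader = Reader()
    link = (RelayLink if relayed else DirectLink)(Card())
    if protocol == "reader-nonce":
        nonce = reader.fresh_nonce()
    elif protocol == "card-nonce":
        nonce = link.announce_nonce()         # untimed step, card side chooses
    else:
        raise ValueError(protocol)
    response, elapsed = link.challenge(nonce)  # the only timed step
    return reader.verify(nonce, response, elapsed)


if __name__ == "__main__":
    for proto in ("reader-nonce", "card-nonce"):
        for relayed in (False, True):
            print(proto, "relayed" if relayed else "direct", run(proto, relayed))
```

The fix is the same in the model as in any distance-bounding design: the timed challenge must contain fresh randomness from the verifier, so nothing the prover can answer was computable before the clock started.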
In place of L1, the researchers propose a new relay-resistant protocol, L1RP, which they say they have proven secure using the Tamarin protocol verification tool.
Radu et al suggest that, until Apple and Visa respond, nobody should use a Visa card as the transit card in Apple Pay.
Neither Apple nor Visa responded to requests for comment. ®