Persistent iPhone Security Loophole Allows Unauthorized Ten Thousand Dollar Visa Payments In Controlled Settings

A 2021 iPhone vulnerability remains unpatched in 2026, allowing unauthorized Visa payments via Express Transit. See the technical details.

By: AXL Media

Published: Apr 16, 2026, 8:44 AM EDT

Source: Information for this report was sourced from 9to5Mac


Technical Exploitation Of The Express Transit Protocol

A detailed investigation by the Veritasium YouTube channel has brought renewed attention to a niche but significant security flaw that enables unauthorized high-value payments from locked iPhones. Using specific technical hacks, researchers demonstrated that an iPhone can be deceived into communicating with what it believes to be a mass transit terminal. This deception leverages Apple’s Express Transit feature, which is designed to let commuters pay fares without unlocking their devices or authenticating with biometrics. Although the feature is intended for small transit fees, the vulnerability allows attackers to bypass standard payment limits in a controlled environment.

Tricking Hardware Safeguards Through Terminal Mimicry

The method discovered by Professors Ioana Boureanu and Tom Chothia involves a sophisticated relay attack that overcomes multiple Apple safeguards. By tricking the iPhone’s Near Field Communication system into a transit handshake, the researchers were able to extract a payment of 10,000 dollars. This process requires a highly specific set of conditions and unique hardware configurations to successfully spoof the terminal’s identity. Although the demonstration was successful in a laboratory setting, the complexity of the equipment and the need for close physical proximity to the target device present significant hurdles for real-world application.

Vendor Specific Risks For Visa Cardholders

The scope of this vulnerability is notably limited to a single payment network, according to the researchers' findings. The exploit only functions when a Visa card is actively set up as the primary Express Transit option within the iPhone’s wallet settings. Testing indicated that Mastercard and other major vendors are not susceptible to this specific relay method, suggesting that the flaw exists at the intersection of Apple’s software logic and Visa’s communication protocols. This finding has narrowed the focus of the security concern to a specific subset of Apple users who utilize Visa for automated transit payments.
