Apple Pay security flaw allows hackers to steal your money when your iPhone is locked
Researchers in the UK have discovered a flaw in Apple Pay that allows hackers to make unauthorized contactless payments from your iPhone. The researchers from the University of Birmingham and the University of Surrey published a paper on Thursday describing the method by which this flaw can be exploited. Hackers can even bypass the lock screen of an iPhone with this method.
Watch out for this Apple Pay security flaw
The Express Transit feature that Apple first introduced in iOS 12.3 appears to be the culprit behind the vulnerability. With Express Transit, you can quickly pay for rides on public transportation with a card in the Wallet app. As Apple notes on this support page, you don’t have to validate with Face ID, Touch ID, or a passcode. Express Transit is meant to be convenient, but it’s also key to this exploit.