Discussion (1 comment)

anon7000 7 minutes ago
The source is this very interesting video: https://youtu.be/PPJ6NJkmDAo

TLDR, it only impacts Visa Cards if you have express transit mode enabled, and relies on a MITM attack.

There are two root issues:

1. iOS does not verify the actual transaction value, it just verifies that a flag is set indicating it's a low value transaction. (E.g. for express transit where no Face ID is required.) Apple says the root cause is credit card companies, but they could clearly fix this.

2. In Visa transactions with an offline terminal, the credit card doesn't cryptographically sign the data it's sending, which is why the MITM attack is able to adjust the transaction metadata getting sent to the phone. (The MITM attack basically changes the transaction flow to make it look like an offline transit reader asking for a low value amount of money, and iOS approves the transaction with no verification, despite it being for $10k.) Mastercard doesn't have that vulnerability because the transaction metadata is cryptographically protected/verified. Visa claims that the attack is too hard to pull off for it to be worth changing.
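The two root issues the comment describes boil down to one design question: does the phone act on a flag it cannot verify, or on metadata whose integrity is bound to a key? The following is an added Python model written for this page; it is not code from the video, the commenter, or any card network's real protocol, and the record fields, the 3000-cent threshold and the shared HMAC key are all assumptions. It compares the flag-only policy the comment attributes to iOS, a policy that checks the flag against the real amount, and a policy where the metadata is integrity-protected, which is the property the comment credits Mastercard with.

```python
import hashlib
import hmac
import json

# Added toy model, not EMV and not Apple's, Visa's or Mastercard's actual protocol.
# A reader sends the phone a transaction record carrying the amount and a
# "low-value transit" flag; the phone decides whether user authentication
# (Face ID) can be skipped. Three acceptance policies are compared.

LOW_VALUE_LIMIT_CENTS = 3000          # assumed no-authentication threshold
SHARED_KEY = b"constructed-demo-key"  # constructed stand-in for real key material


def accept_flag_only(record):
    """Policy the comment attributes to iOS: trust the flag, ignore the amount."""
    return bool(record.get("low_value_transit"))


def accept_flag_and_amount(record):
    """Check the flag against the actual amount instead of trusting it blindly."""
    return bool(record.get("low_value_transit")) and record["amount_cents"] <= LOW_VALUE_LIMIT_CENTS


def mac_for(record, key=SHARED_KEY):
    """HMAC over every field except the MAC itself, using canonical JSON encoding."""
    fields = {k: v for k, v in record.items() if k != "mac"}
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def accept_authenticated(record, key=SHARED_KEY):
    """Policy the comment attributes to Mastercard: the metadata is integrity-protected,
    so a record whose flag or amount changed in transit is rejected before any
    business rule is consulted."""
    if not hmac.compare_digest(mac_for(record, key), record.get("mac", "")):
        return False
    return accept_flag_and_amount(record)


def tamper(record, **changes):
    """Return a copy with fields changed but the original MAC left in place,
    modelling metadata rewritten in transit by a party that lacks the key."""
    copy = dict(record)
    copy.update(changes)
    return copy


def demo():
    # Constructed records: a genuine low-value fare and a large purchase.
    fare = {"amount_cents": 250, "low_value_transit": True, "terminal": "transit-gate"}
    fare["mac"] = mac_for(fare)
    purchase = {"amount_cents": 1_000_000, "low_value_transit": False, "terminal": "shop-pos"}
    purchase["mac"] = mac_for(purchase)
    # The same $10k purchase with the flag flipped so it presents as a transit fare.
    flipped = tamper(purchase, low_value_transit=True)

    return {
        "fare_authenticated": accept_authenticated(fare),          # True: legitimate fare passes
        "flipped_flag_only": accept_flag_only(flipped),             # True: flag alone is fooled
        "flipped_flag_and_amount": accept_flag_and_amount(flipped), # False: amount exposes it
        "flipped_authenticated": accept_authenticated(flipped),     # False: MAC no longer matches
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'approved without auth' if verdict else 'rejected / auth required'}")
```

The point of the third policy is that it rejects the altered record without needing to know which field was changed: once the flag and amount are covered by the MAC, the phone's business rule (flag plus threshold) only ever runs on data the reader actually sent. In the toy the key is shared symmetrically for brevity; the same argument holds for a signature or an issuer-verified cryptogram, as long as the metadata the phone relies on is inside what gets authenticated.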