Here's How Researchers Stole $10,000 From MKBHD's Locked iPhone
Source: MacRumors
Overview
Researchers from the University of Surrey and the University of Birmingham demonstrated an iPhone exploit that can steal money from a locked device using NFC and a linked Visa card. The attack was highlighted by the YouTube channel Veritasium, which showed $10,000 being taken from YouTuber Marques Brownlee’s locked iPhone. While the exploit is technically feasible, it requires physical access, specialized hardware, and a specific configuration of the victim’s device and payment method.
How the Attack Works
- NFC Interception – An NFC card reader is placed between the iPhone and a tap‑to‑pay terminal (e.g., a mass‑transit validator).
- Data Capture – The reader captures the payment data and forwards it to a laptop.
- Relay to Burner Phone – The laptop sends the captured data to a separate burner phone.
- Replay Transaction – The burner phone is then tapped on a legitimate card reader that has been configured with the same transit‑terminal identifier as the original reader, completing the fraudulent payment.
The attack relies on the victim having Express Transit Mode enabled and a Visa card linked for those payments.
Limitations
- Card Type – The exploit works only with Visa cards. Mastercard, American Express, and other cards use different security methods that prevent the attack.
- Device Compatibility – It does not work with Samsung Pay on Samsung devices.
- Hardware Requirements – Specialized NFC hardware and a laptop are needed, making large‑scale attacks impractical.
- Real‑World Likelihood – Both Apple and Visa consider the scenario unlikely to occur in everyday use.
Statements from Visa and Apple
- Apple told Veritasium that the issue originates from the Visa system rather than an iPhone vulnerability.
- Visa emphasized that the exploit is “very unlikely” to be used at scale and that any fraudulent transactions can be disputed.
- Visa also reminded cardholders that they are protected by Visa’s zero‑liability policy.
Protection Recommendations
- Avoid Using Visa for Transit – Users can mitigate the risk by not linking a Visa card to Apple Pay for Express Transit Mode.
- Monitor Transactions – Regularly review payment activity and dispute any unauthorized charges promptly.
- Stay Informed – Keep iOS and Apple Pay updated, as future patches may address related security concerns.