Video shows how to steal $10,000 from locked iPhone in controlled setting

Source: 9to5Mac

Veritasium video highlights niche security vulnerability first exposed in 2021

A new video from the Veritasium YouTube channel shows how a niche loophole could allow someone to steal $10,000 from a locked iPhone—though you probably don’t need to worry.

Video overview

• The video demonstrates a specific vulnerability that has existed since 2021 and remains unaddressed.
• Professors Ioana Boureanu and Tom Chothia discovered that a locked iPhone can be tricked into making an NFC payment.
• You can watch the full video here: Veritasium – How to steal $10,000 from a locked iPhone.

Technical details

• The attack tricks the iPhone into believing a payment terminal is a mass‑transit terminal using Apple’s Express Transit feature.
• It then bypasses additional Apple safeguards to extract the funds.
• The method only works when a Visa card is set as the iPhone’s Express Transit option in Settings; it does not apply to Mastercard or other vendors.

Apple and Visa responses

• Apple told Veritasium that the issue originates from a concern on Visa’s end.
• Visa stated that its cardholders are protected by a zero‑liability promise, which would cover any loss if the vulnerability were exploited.
• Visa also described the exploit as “very unlikely” in real‑world settings, noting that it requires a highly controlled environment.

Community reaction

What are your takeaways from the video? Let us know in the comments.