Apple Pay and Visa - open for exploitation

Unlike Mastercard and Samsung Pay, Visa and Apple Pay can be exploited.

The denials by both Apple and Visa follow a well worn pattern - “Nothing to see here!” comes first with the obligatory “we care about your security blah blah blah” tacked on to the end. Then they say something along the lines of “only in the lab”. Oh and “we take your security seriously …” The cost of the exploit is then also a reason why it can’t happen - it is true that if it takes £1000 to steal £10 then you are not going to see it in the wild but!! Criminals have a way of making things cost effective - and by criminals I also include large corporations - and they learn to scale.

In this case though it appears that the cost of entry isn’t that high, that the phones don’t have to be unlocked and it the actual exploit can be done remotely although the hardware has to be in range of the phone.

It is only a matter of time before “in the lab under special circumstances” becomes widely available for a very small amount of money.

Just fix it Apple.