Sign in Subscribe
News

How Researchers Stole $10,000 From MKBHD’s Locked iPhone

Hallie Lawson

2 min read
Share
How Researchers Stole $10,000 From MKBHD’s Locked iPhone
Photo by TARUN RAJ BN / Unsplash
A previously documented Apple Pay and Visa exploit has resurfaced after a high-profile demonstration showed it could still be used to trigger a large unauthorized payment on a locked iPhone.

A newly resurfaced payment exploit is drawing attention after researchers demonstrated how $10,000 could be charged from Marques Brownlee’s locked iPhone in a controlled setup. The attack, recently highlighted by Veritasium is tied to a previously disclosed weakness involving Apple Pay, Visa, and Express Transit mode.  

What the Exploit Does

The method allows an iPhone to process a payment while still locked, but only under very specific conditions. According to the original research from the University of Birmingham and the University of Surrey, the issue affects iPhones with a Visa card configured for Express Transit, a feature designed to let users pay quickly at transit gates without Face ID, Touch ID, or a passcode.  

Researchers said the weakness comes from the way Apple Pay and Visa interact in that transit flow. In their findings, they showed that it could be used to bypass the normal lock-screen protections for contactless payments and even allow transactions above standard contactless limits.  

How the Demo Worked

The demonstration relied on NFC hardware, a laptop, and a relay process that made the iPhone interpret the transaction as a transit payment. The attack also required physical proximity and a highly specific hardware configuration, making it far more complex than ordinary payment fraud, but could be disguised.

The exploit is not described as a broad issue affecting all cards or all mobile wallets. The research and later reporting both state that the attack was tied specifically to the combination of a Visa card on Apple Pay, and did not work in the same way with Mastercard, American Express, or Visa on Samsung Pay in the researchers’ testing.

What’s Actually Causing the Issue

The underlying issue appears to be more closely related to Visa’s payment verification process than to the iPhone or Apple Wallet itself. According to the research, Mastercard and American Express used additional security checks for Apple Wallet Express Transit transactions, while Visa does not apply the same protections in this case. That difference is what made the demonstrated exploit possible.

Why it Matters

While the real-world conditions required for the exploit are highly specific, the demonstration highlights how convenience features like Express Transit can introduce edge-case vulnerabilities when security checks differ between payment networks.