unilad homepage
unilad homepage
  • News
    • UK News
    • US News
    • World News
    • Crime
    • Health
    • Money
    • Sport
    • Travel
  • Music
  • Technology
  • Film and TV
    • News
    • DC Comics
    • Disney
    • Marvel
    • Netflix
  • Celebrity
  • Politics
  • Advertise
  • Terms
  • Privacy & Cookies
  • LADbible Group
  • LADbible
  • SPORTbible
  • GAMINGbible
  • Tyla
  • UNILAD Tech
  • FOODbible
  • License Our Content
  • About Us & Contact
  • Jobs
  • Latest
  • Archive
  • Topics A-Z
  • Authors
Facebook
Instagram
X
Threads
TikTok
YouTube
Submit Your Content
Expert exposes tap-to-pay flaw that can steal thousands from a locked iPhone
Home>News>US News
Published 20:49 16 Apr 2026 GMT+1

Expert exposes tap-to-pay flaw that can steal thousands from a locked iPhone

Hackers can steal thousands from your bank account just by standing near your iPhone, using an exploit that has been around for years

William Morgan

William Morgan

google discoverFollow us on Google Discover
Featured Image Credit: YouTube/Veritasium

Topics: iPhone, Apple, Crime

William Morgan
William Morgan

Advert

Advert

Advert

Tapping your phone to pay for everything from riding the subway to groceries and even larger purchases has become a regular part of our everyday lives, but a major exploit has been around for years that can use this technology to empty your bank account.

Though quite complicated to carry out, cybersecurity experts have identified a major flaw in the process through which your iPhone deploys this tap-to-pay feature, with this flaw even being exploitable when your device is locked and the screen is off.

Educational YouTube channel Veritasium recently featured this terrifying contactless payment hack in a video, even extracting a whopping $10,000 from a test case's iPhone in just a matter of seconds using a couple of devices.

This can happen to anyone who has linked a Visa card on their phone, with hackers only having to press a specialized card reader against your device to snatch thousands of dollars without you even noticing.

Advert

Thousands of dollars could be drained from your bank account in a matter of seconds with the exploit (Getty Stock Images)
Thousands of dollars could be drained from your bank account in a matter of seconds with the exploit (Getty Stock Images)

The hack is classified as a 'man in the middle attack', as it depends on the thief intercepting a signal that would normally tell your phone that it is interacting with a mass transit terminal.

These tap to pay card readers, often found at the entrance to subways or at bus terminals, are unique in the world of contactless card readers as they do not even require you to unlock your screen to pay for your journey.

While this is very handy when you're rushing for public transport, ingenious cybersecurity experts have figured out how to capture the wireless signals put out by these transit terminals. Which fools your iPhone into thinking it is making a travel payment, meaning you do not need to unlock it.

Veritasium worked with two experts who discovered this flaw in Apple's tap to pay software to show off this exploit, explaining how a few minor changes in the computer binary that your iPhone uses to make a payment can allow hackers to take as much as they like, all while your phone is locked.

Ioana Boureanu from the University of Surrey and Tom Chothia from the University of Birmingham first discovered this exploit by recording the data being emitted by mass transit terminals and then tweaking it.


They realized that iPhone users with a Visa card set up on their phone were vulnerable to this exploit, while others were not, as a specific security flaw between the Apple product and the bank card allows them to charge any amount they like - so long as it is actually in that account.

So using a device that tricks a phone into thinking it is near a transit terminals, they were able to then intercept the signal sent back by your phone to convince it that it was about to make a low-value payment, which they'd altered in the binary so putting through $10,000 would register as a small amount of money.

This is not to say that this hack is simple, there are even more complicated steps that involve fooling Visa's encryption to allow the payment to go through, and reasons for why it works.

But it is worth remembering that, while this exploit is very real and has been known since 2021, it does require you to have two specific things to make it work - an iPhone and a registered Visa card for transit purposes.

Furthermore, the technical set up for this scam is quite complex, requiring a specific type of card reader that is connected to a laptop, and a payment terminal to put through the bogus payment. This would likely require two people to pull off.

It is not impossible that tech-savvy thieves could figure out this set up and even use it against people, but they would have to get close enough to press their hacking device against your iPhone to make the payment in the first place.

Apple has been approached for comment.

Choose your content:

an hour ago
4 hours ago
5 hours ago
12 hours ago
  • Richard Pelham/Getty Images
    an hour ago

    FIFA share update after Argentina hold up Falklands banner at World Cup

    It's not the first time Argentina have been punished for holding the banner

    News
  • Natasha Breen/REDA/Universal Images Group via Getty Images
    4 hours ago

    'Sauerkraut' diet explained as Trump officials encourage people to try it

    High-ranking members of the administration—including JD Vance and RFK Jr.—have sparked a massive viral wellness craze.

    News
  • Saul Loeb/Pool - Getty Images
    5 hours ago

    Donald Trump launches primetime attack on 'broken' US election system and points finger of blame at China

    The President suddenly declassified a massive wave of secret files during a highly chaotic live address from the East Room

    News
  • (Photo by Masashi Hara/Getty Images)
    12 hours ago

    Erling Haaland issues hilarious response after 'ignoring' Tom Holland’s DM request to hang out

    The soccer star had 'no idea' who the actor was when he first reached out

    News
  • Little known iPhone trick can stop people from being able to snoop through your phone
  • iPhone users warned to delete concerning iCloud email that puts them at risk
  • Experts issue warning to all iPhone users over Apple Pay scam that is draining bank accounts
  • Reason why you should always include ‘Sent from my iPhone’ when emailing someone