The Hidden Flaw in iPhone Security. How $10,000 Can Be Stolen via Apple Pay

Critical Vulnerability in Express Transit Mode

A recent investigation by Veritasium has exposed a significant security hole involving iPhone and Visa cards. By exploiting the ‘Express Transit’ feature, which allows payments without unlocking the device, attackers can remotely trigger transactions for thousands of dollars. This vulnerability highlights a lack of coordination between tech giants and payment networks, leaving users potentially exposed to high-stakes theft.

The Anatomy of the Attack

Using a ‘Man-in-the-Middle’ setup, researchers demonstrated that they could intercept communication between a standard payment terminal and an iPhone. By spoofing the transit terminal’s ID, they tricked the iPhone into authorizing a $10,000 payment as if it were a low-cost subway fare. While Mastercard uses RSA-based asymmetric encryption to prevent such data tampering, Visa’s protocol in specific online scenarios lacks this secondary safeguard.

Security Comparison: Visa vs Mastercard on Apple Pay
| Security Feature | Visa | Mastercard |
|---|---|---|
| Asymmetric Signature | Conditional (Optional) | Mandatory for all |
| Tamper Protection | Low in online mode | High |
| Transaction Integrity | Vulnerable to MITM | Secure |
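
The difference the comparison above describes can be shown with a small model. This is an added example, not code from the original article or from either payment network: the field names, the `pay` flow and the toy RSA key are assumptions made for illustration and do not reproduce the real card protocols. It shows that a terminal which verifies a signature over the fields it sent rejects a payment whose fields were altered in transit, while a terminal that skips the check accepts it.

```python
import hashlib

# Toy RSA key from two Mersenne primes: constructed for this demo, far too weak for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(fields):
    """Hash a canonical encoding of the transaction fields into an integer below N."""
    canon = "|".join(f"{k}={fields[k]}" for k in sorted(fields))
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big") % N


def device_sign(fields_seen):
    """The payment device signs exactly the fields it received."""
    return pow(digest(fields_seen), D, N)


def terminal_accepts(fields_sent, signature, check_signature):
    """Terminal-side decision; the signature is checked against what the terminal sent."""
    if not check_signature:
        return True  # nothing binds the device's view to the terminal's view
    return pow(signature, E, N) == digest(fields_sent)


def pay(fields_sent, tampered, check_signature):
    """One payment; `tampered` models a relay that rewrites a field in transit."""
    fields_seen = dict(fields_sent)
    if tampered:
        fields_seen["terminal_kind"] = "transit"  # hypothetical field name
    return terminal_accepts(fields_sent, device_sign(fields_seen), check_signature)


# Constructed sample transaction (hypothetical field names and values).
RETAIL = {"amount_cents": 1_000_000, "currency": "USD", "terminal_kind": "retail"}

if __name__ == "__main__":
    print("honest, checked:    ", pay(RETAIL, False, True))
    print("tampered, checked:  ", pay(RETAIL, True, True))
    print("tampered, unchecked:", pay(RETAIL, True, False))
```
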

Corporate Response and User Safety

Apple points to Visa, while Visa claims the attack is unlikely in the real world. Despite this, the flaw has remained unpatched since 2021. Users are advised to disable Express Transit or switch to a different card provider for transit payments to ensure their funds remain secure. In the digital age, convenience often comes at the cost of security, and this case is a prime example.

Pavlo Zaslonov
About The Author

Cybersecurity expert, knows everything about IP hiding and modern chatbot vulnerabilities.

7 Comments

Олександр Петренко 9 May 2026 at 03:20

wtf, apple as always shifting the blame to others. what are we paying so much money for these iphones for?? went to disable this express mode

Олена 9 May 2026 at 02:06

and if i have a monobank mastercard am i safe? or is it better to turn it off just in case? who knows tell me

Max_1992 9 May 2026 at 01:36

this is just purely lab tests. nobody in the subway is gonna run around with a laptop and a proxmark to steal money, stop spreading panic

john_doe88 9 May 2026 at 00:50

lol this is why i stick to android. samsung blocked this years ago and apple users still think they have the most secure phones

IgorV 8 May 2026 at 23:07

so why even link visa to this transit mode if there are such holes. security is always more important than convenience guys come on

Sarah Miller 8 May 2026 at 21:15

visa says 'zero liability' but have you ever tried getting 10k back from a bank? it takes months of stress and proving you are not a scammer yourself...

Марина Коваленко 8 May 2026 at 15:22

is there even one real person here who had their money stolen like this? or is this another horror story from youtubers to get views
