Researchers Stole $10k from MKBHD's Locked iPhone

Posted by zacharyozer 9 hours ago


Comments

Comment by anon7000 4 hours ago

The source is this very interesting video: https://youtu.be/PPJ6NJkmDAo

TLDR, it only impacts Visa Cards if you have express transit mode enabled, and relies on a MITM attack.

There are two root issues:

1. iOS does not verify the actual transaction value, it just verifies that a flag is set indicating it’s a low-value transaction. (E.g., for express transit where no Face ID is required.) Apple says the root cause is credit card companies, but they could clearly fix this.

2. In Visa transactions with an offline terminal, the credit card doesn’t cryptographically sign the data it’s sending, which is why the MITM attack is able to adjust the transaction metadata getting sent to the phone. (The MITM attack basically changes the transaction flow to make it look like an offline transit reader asking for a low-value amount of money, and iOS approves the transaction with no verification, despite it being for $10k.) Mastercard doesn’t have that vulnerability because the transaction metadata is cryptographically protected/verified. Visa claims that the attack is too hard to pull off for it to be worth changing.

Comment by Kirby64 4 hours ago

> 1. iOS does not verify the actual transaction value, it just verifies that a flag is set indicating it’s a low-value transaction. (E.g., for express transit where no Face ID is required.) Apple says the root cause is credit card companies, but they could clearly fix this.

The video explains why the credit card company is responsible for this. The value of a low- vs. high-value transaction changes depending on local currency, credit card company risk profile, etc. It’s not unified at all, even within the same country. And values change over time, so having to reissue cards to change it would be impractical.