Here’s how the hack reportedly works, with certain key details deliberately omitted for the sake of security: a piece of radio equipment tricks the iPhone into believing it is a ticket barrier, while an Android phone running a certain app relays signals between the iPhone and a contactless payment terminal. The iPhone is thus fooled into thinking it’s communicating with a real ticket barrier, so the payment can be authorized without a PIN or biometric authentication, and the funds are transferred to the fraudulent payment terminal.
There’s a silver lining, though: so far, the hack has only been replicated in-house, and there are no reports of it ever being used by wrongdoers in real-life conditions, which should give you some peace of mind, especially if you’re using a Visa card to quickly pay at contactless terminals. Other researchers, not involved with the original research, warn that the hack could be used to quickly and effortlessly withdraw vast sums of money from stolen devices that are otherwise locked with a PIN code, fingerprint, or Face ID.
While the chances of such an attack taking place are relatively low due to the complexity of the hack, the risk is not zero. Dr Andreea Radu of Birmingham University, who led the research, warns that in spite of the technical complications, such elaborate financial exploits could be much more prevalent in a few years’ time, especially if left unaddressed by the respective banking institutions.