How to Repair Your iPhone’s Vulnerability to Express Transit

by -
Photo: LightField Studios (Shutterstock) – Although Apple Pay is typically safe, a recently found vulnerability might put your money at danger.

My iPhone is one of my favorite ways to pay. I use Apple Pay at stores, vending machines, and pretty much everywhere else that accepts it. If you use Apple Pay, however, you should be aware that a recently found security weakness might allow hackers to steal directly from your mobile wallet, which is especially dangerous if you utilize public transportation.

A security flaw exists with Express Transit

The problem isn’t with Apple Pay as a whole, but with one specific feature: Express Transit. This option is ideal for anybody who commutes by public transportation since it eliminates the need to use Face ID or Touch ID to verify a metro transaction. Instead, you simply place your iPhone against the machine, and the transaction is authorized instantaneously. It’s just as easy to use as a regular metro card, but you don’t have to carry one around with you.

Despite the fact that Express Transit disables one of Apple Pay’s security measures, it’s typically a safe option; metro transactions aren’t huge, and there’s a daily limit on how much you can pay using the service. Even if there was a security concern, a hacker wouldn’t be able to make off with a large sum of money before being discovered.

This new security weakness, unfortunately, isn’t usual. According to The Telegraph, a metro terminal may be replicated using a combination of software and hardware that activates the Express Transit function on iPhones, bypassing the security limit. A test iPhone was able to drain as much as ¬£1,000 (about $1,380) from researchers. That was one pricey metro journey.

This issue necessitates physical access to your iPhone. Using legal transportation stations puts you at no risk; the only danger is if someone takes your iPhone or if you leave it unattended. Nonetheless, those scenarios are possible, thus this vulnerability is a worry.

Fortunately, the weakness does not impact all cards that use Express Transit; for the time being, the problem is limited to Visa. Researchers believe that the weakness occurs in both Apple’s and Visa’s systems, according to The Telegraph. Apple, on the other hand, blamed the bank and promised consumers that any illegal payments would be refunded under Visa’s rules. Visa, for its part, argues that these sorts of attacks have been well researched and would not represent a real-world danger.

How to avoid the Express Transit security vulnerability on your iPhone

If you don’t want to take Visa’s word for it, go to Settings > Wallet & Apple Pay > Express Transit Card to safeguard yourself. Choose a card that isn’t a Visa; this issue doesn’t impact MasterCard (which includes Apple Card) or American Express. If you only have a Visa card, select “None” to turn off the feature completely.