Can you steal $10,000 from a locked iPhone?
MKBHD and cybersecurity researchers demonstrate how to steal $10,000 from a locked iPhone using a sophisticated man-in-the-middle NFC attack. The hack exploits vulnerabilities in Apple's Express Transit Mode combined with Visa's payment verification system, and has been publicly known since 2021 but remains unfixed.
Summary
The video demonstrates a sophisticated cybersecurity attack where researchers successfully steal $10,000 from MKBHD's locked iPhone without him ever unlocking it or authorizing the transaction. The hack was developed by University of Surrey professors and works through a man-in-the-middle attack using NFC devices. The attack specifically targets iPhones with Visa cards in Express Transit Mode, exploiting three key vulnerabilities. First, they trick the phone into thinking it's communicating with a transit terminal by broadcasting the appropriate code, bypassing the lock screen. Second, they modify transaction data to make a $10,000 charge appear as a low-value transaction, avoiding customer verification requirements. Third, they alter the response to make the card reader believe the customer has verified the payment. The hack requires specific equipment including a Proxmark NFC device, laptop with Python scripts, and a burner phone, but the underlying vulnerability has been public knowledge since 2021. Apple points to this being a Visa system issue, while Visa argues the attack is unlikely to scale in the real world and that their zero liability policy protects customers. However, the researchers and narrator argue that technical prevention would be better than after-the-fact refunds, comparing it to airline safety standards where crashes are prevented rather than just compensated.
Key Insights
- The hack exploits Apple's Express Transit Mode by broadcasting a code that makes the phone think it's communicating with a subway terminal, bypassing the lock screen entirely
- The attack works by flipping specific bits in transaction data - changing a 0 to 1 to make the phone think it's a transit transaction, and another bit to make $10,000 appear as a low-value transaction
- The vulnerability specifically requires an iPhone with a Visa card, as Samsung phones only accept $0 transit transactions and MasterCard uses additional asymmetric cryptography that would detect the tampering
- This cybersecurity vulnerability has been publicly known since 2021, yet both Apple and Visa have chosen not to implement technical fixes, with Apple saying it's Visa's problem and Visa arguing it's unlikely to scale
- Visa's representative argues that fraud represents only 2 cents per $100 of in-person transactions and that their zero liability policy adequately protects customers rather than implementing technical prevention
Topics
Transcript
[0:00] - I'm here with MKBHD, and we're gonna try to steal $10,000 from his locked iPhone. - Really hope it doesn't work. Really hope it doesn't work. - I'm gonna get you to put that phone down on top of this device. - [Marques] Okay. - Just put it down there. - Just put it on like a, all right. - I feel like I'm a bit of a magician, but I'm like- - Yeah. - I haven't changed anything, right? - Okay. Yeah. - It's still locked. - It's locked. - Nothing else. - Yeah. - This is just a regular payment terminal. - Yeah. - Nothing weird about that. - Seen these. - And we'll start with…
Full transcript available for MurmurCast members
Sign Up to AccessMore from Veritasium
Can you solve the hat riddle?
A logic puzzle involving four prisoners buried in sand and wearing colored hats is presented and solved. The solution hinges on prisoner B using the silence of prisoner A as information. A bonus connection is made to a real-world hacking technique called timing attacks.
How many batteries would it take to power a human?
The video explores how many AA batteries it would take to power various animals and humans, using energy comparisons to illustrate biological power consumption. A human at rest requires about 30 AA batteries to run for one hour. The video concludes with a sponsored segment for the Anker Prime power bank.
How Alpha Particles Can Break Computer Chips
In 1978, Intel discovered that radioactive contamination in ceramic chip packaging was causing spontaneous bit flips in their DRAM chips. Trace amounts of uranium and thorium emitted alpha particles that created free charge carriers in silicon, flipping stored data. The findings prompted the semiconductor industry to significantly tighten controls over radioactive materials in chip manufacturing.
How does a sewing machine work?
This transcript explains how sewing machines create lock stitches using a rotating hook mechanism. It covers the historical development of the bobbin-based rotating hook system patented by Wilson in 1851, which became the foundation for most modern sewing machines.
Can the CIA really track your heartbeat from 60 km away?
This video investigates the claim that the CIA used a quantum magnetometry device called 'Ghost Murmur' to detect a downed airman's heartbeat from kilometers away during a 2026 rescue operation in Iran. The video breaks down the physics of NV diamond magnetometers and concludes that detecting heartbeats at such distances is physically implausible by roughly 18 orders of magnitude. The story is likely either CIA disinformation to conceal simpler rescue methods or sensationalized reporting by the New York Post.