
Can you steal $10,000 from a locked iPhone?

Veritasium

MKBHD and cybersecurity researchers demonstrate how to steal $10,000 from a locked iPhone using a sophisticated man-in-the-middle NFC attack. The hack exploits vulnerabilities in Apple's Express Transit Mode combined with Visa's payment verification system, and has been publicly known since 2021 but remains unfixed.

Summary

The video demonstrates a sophisticated cybersecurity attack where researchers successfully steal $10,000 from MKBHD's locked iPhone without him ever unlocking it or authorizing the transaction. The hack was developed by University of Surrey professors and works through a man-in-the-middle attack using NFC devices.

The attack specifically targets iPhones with Visa cards in Express Transit Mode, exploiting three key vulnerabilities. First, they trick the phone into thinking it's communicating with a transit terminal by broadcasting the appropriate code, bypassing the lock screen. Second, they modify transaction data to make a $10,000 charge appear as a low-value transaction, avoiding customer verification requirements. Third, they alter the response to make the card reader believe the customer has verified the payment.

The hack requires specific equipment including a Proxmark NFC device, laptop with Python scripts, and a burner phone, but the underlying vulnerability has been public knowledge since 2021.

Apple points to this being a Visa system issue, while Visa argues the attack is unlikely to scale in the real world and that their zero liability policy protects customers. However, the researchers and narrator argue that technical prevention would be better than after-the-fact refunds, comparing it to airline safety standards where crashes are prevented rather than just compensated.

Key Insights

  • The hack exploits Apple's Express Transit Mode by broadcasting a code that makes the phone think it's communicating with a subway terminal, bypassing the lock screen entirely
  • The attack works by flipping specific bits in transaction data - changing a 0 to 1 to make the phone think it's a transit transaction, and another bit to make $10,000 appear as a low-value transaction
  • The vulnerability specifically requires an iPhone with a Visa card, as Samsung phones only accept $0 transit transactions and Mastercard uses additional asymmetric cryptography that would detect the tampering
  • This cybersecurity vulnerability has been publicly known since 2021, yet both Apple and Visa have chosen not to implement technical fixes, with Apple saying it's Visa's problem and Visa arguing it's unlikely to scale
  • Visa's representative argues that fraud represents only 2 cents per $100 of in-person transactions and that their zero liability policy adequately protects customers rather than implementing technical prevention
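
The contrast drawn in the insights above (flipped bits going unnoticed versus cryptography that would detect the tampering) comes down to which fields the authentication covers. The following is an added example, not code from the video or the researchers: a simplified model in which HMAC stands in for the asymmetric signature, and the key, field names and encoding are constructed for illustration and are not the EMV message format.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stand-in for the card's signing key
AMOUNT_ONLY = ("amount_cents",)
ALL_FIELDS = ("amount_cents", "transit", "low_value", "cardholder_verified")

def tag(msg, covered):
    """Authenticate only the fields named in `covered` (HMAC as a signature stand-in)."""
    data = "|".join(f"{name}={msg[name]}" for name in covered).encode()
    return hmac.new(KEY, data, hashlib.sha256).digest()

def device_respond(seen, user_verified, covered):
    """The device authenticates the request as it saw it, plus its own verification status."""
    response = dict(seen, cardholder_verified=user_verified)
    return response, tag(response, covered)

def verifier_accepts(sent, claimed_verified, mac, covered):
    """The verifier recomputes the tag over what the reader sent and what it was told."""
    expected = dict(sent, cardholder_verified=claimed_verified)
    return hmac.compare_digest(tag(expected, covered), mac)

def run_exchange(covered, tampered):
    """Return True if the verifier accepts the exchange under the given field coverage."""
    sent = {"amount_cents": 1_000_000, "transit": False, "low_value": False}
    if tampered:
        # Modified in flight: the locked device sees a low-value transit request,
        # and its "not verified" answer is rewritten before it reaches the reader.
        seen = dict(sent, transit=True, low_value=True)
        _, mac = device_respond(seen, user_verified=False, covered=covered)
    else:
        _, mac = device_respond(sent, user_verified=True, covered=covered)
    return verifier_accepts(sent, claimed_verified=True, mac=mac, covered=covered)

if __name__ == "__main__":
    for name, covered in (("amount only", AMOUNT_ONLY), ("all fields", ALL_FIELDS)):
        print(name, "honest:", run_exchange(covered, False),
              "tampered:", run_exchange(covered, True))
```

When only the amount is authenticated, the altered exchange verifies exactly like the honest one; once the flags and the verification status are covered, the two ends compute different tags and the exchange is rejected.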

Topics

  • iPhone security vulnerability
  • NFC payment system exploitation
  • Express Transit Mode bypass
  • Man-in-the-middle attacks
  • Apple vs Visa responsibility
