Recently, the popular YouTube channel Veritasium demonstrated a terrifying vulnerability by charging $10,000 to tech reviewer Marques Brownlee's (MKBHD) completely locked iPhone [03:26]. Here is a quick breakdown of how this exploit works and how you can protect yourself.
How the Hack Works
The exploit takes advantage of a specific convenience feature: Express Transit mode [06:25]. This feature allows commuters to tap their phones at subway gates without needing Face ID, Touch ID, or a passcode.
Using a "Man-in-the-Middle" attack, hackers can secretly place a small radio device near your pocketed phone while relaying the signal to a real payment terminal elsewhere [05:39]. The attackers intercept and alter the data bits in real-time to tell three distinct lies:
Lie 1: They broadcast a specific code that tricks the iPhone into thinking it's talking to a subway transit gate, which bypasses the lock screen [07:11].
Lie 2: They alter the transaction data so the phone thinks it's a "low-value" charge. This prevents the phone from asking for a PIN or Face ID, even if the real charge is $10,000 [09:12].
Lie 3: They trick the actual retail payment terminal into thinking the user did securely verify the massive transaction on their device [11:08].
Why Does This Happen?
This specific loophole relies on a perfect storm: it only works if you have an iPhone paired with a Visa card set as your default Express Transit card [15:15]. While other cards like Mastercard require complex asymmetric cryptographic signatures that would catch the tampered data, Visa bypasses this check for offline transit transactions, allowing the spoofed data to slip through the cracks [19:10].
How to Protect Yourself
Although this vulnerability was publicly disclosed to Apple and Visa back in 2021, it remains technically unpatched. Both companies believe real-world exploitation is highly unlikely at scale and prefer to rely on their standard fraud detection and reimbursement policies rather than altering the core technical infrastructure [22:00].
Fortunately, protecting yourself is incredibly simple: Either turn off Express Transit mode in your Apple Wallet settings, or ensure you do not use a Visa card in your transit slot [21:44].
You can watch the full demonstration and explanation in Veritasium's video here: https://www.youtube.com/watch?v=PPJ6NJkmDAo