Researchers Stole $10k from MKBHD's Locked iPhone
zacharyozer
12 points
2 comments
April 18, 2026
Discussion Highlights (1 comments)
anon7000
The source is this very interesting video: https://youtu.be/PPJ6NJkmDAo

TLDR, it only impacts Visa cards if you have express transit mode enabled, and relies on a MITM attack. There are two root issues:

1. iOS does not verify the actual transaction value, it just verifies that a flag is set indicating it’s a low value transaction. (E.g. for express transit where no Face ID is required.) Apple says the root cause is credit card companies, but they could clearly fix this.
2. In Visa transactions with an offline terminal, the credit card doesn’t cryptographically sign the data it’s sending, which is why the MITM attack is able to adjust the transaction metadata getting sent to the phone. (The MITM attack basically changes the transaction flow to make it look like an offline transit reader asking for a low value amount of money, and iOS approves the transaction with no verification, despite it being for $10k.)

Mastercard doesn’t have that vulnerability because the transaction metadata is cryptographically protected/verified. Visa claims that the attack is too hard to pull off for it to be worth changing.
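
The two root issues in the comment above, as a simplified model added here (not code from the commenter, the video, Apple or Visa): a flag-only approval check beside one that authenticates the metadata and checks the amount itself. The field names, the limit, the key and the use of HMAC as a stand-in for the scheme's real cryptographic protection are all assumptions; this is not the EMV wire format.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed values for a simplified model; not EMV fields or real limits.
LOW_VALUE_LIMIT_CENTS = 5_000          # assumed wallet policy ceiling
DEMO_KEY = b"constructed-demo-key"     # stands in for real key material

@dataclass(frozen=True)
class TxnRequest:
    amount_cents: int
    low_value_flag: bool     # "this is a low value transaction"
    offline_transit: bool    # "this is an offline transit reader"
    tag: bytes = b""         # MAC over the three fields above

def _mac(req: TxnRequest) -> bytes:
    msg = f"{req.amount_cents}|{int(req.low_value_flag)}|{int(req.offline_transit)}"
    return hmac.new(DEMO_KEY, msg.encode(), hashlib.sha256).digest()

def signed(amount_cents: int, low_value: bool, offline: bool) -> TxnRequest:
    req = TxnRequest(amount_cents, low_value, offline)
    return replace(req, tag=_mac(req))

def approve_flag_only(req: TxnRequest) -> bool:
    """Weak: skips user verification whenever the flags say so."""
    return req.offline_transit and req.low_value_flag

def approve_hardened(req: TxnRequest) -> bool:
    """Skip user verification only if metadata is authentic AND amount is small."""
    if not hmac.compare_digest(_mac(req), req.tag):
        return False                      # metadata altered in transit
    if not (req.offline_transit and req.low_value_flag):
        return False
    return req.amount_cents <= LOW_VALUE_LIMIT_CENTS  # check the value itself

# Constructed sample requests.
GENUINE = signed(290, True, True)
ALTERED = replace(signed(1_000_000, False, False),
                  low_value_flag=True, offline_transit=True)
MISLABELLED = signed(1_000_000, True, True)  # authentic tag, flag contradicts amount

if __name__ == "__main__":
    for name, req in [("genuine", GENUINE), ("altered", ALTERED),
                      ("mislabelled", MISLABELLED)]:
        print(f"{name:12} flag_only={approve_flag_only(req)} "
              f"hardened={approve_hardened(req)}")
```

The `MISLABELLED` case shows why both checks are needed: authenticating the metadata alone does not help if the approval decision still rests on the flag instead of the amount.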