3 points by apparent 4 hours ago | 2 comments
  • dlcarrier 2 hours ago
    Credit card security in the US is based around two points:

        1.  Card-not-present transaction fraud is so easy that there's no point in putting any effort into making card-present transactions secure.
    
        2.  Vendors pay for card-not-present transaction fraud.
    
    It's like worrying about the quality of your door lock, when the door is right next to a picture window, and someone else is paying for your insurance.
  • apparent 4 hours ago
    • al_borland 3 hours ago
      For anyone looking for the TL;DW...

      This takes 3 things to work.

        1. iPhone
        2. An Express Transit Card activated
        3. The Express Transit Card is a Visa
      
      Setting Express Transit Card to None will stop it, as will using a Mastercard instead of Visa.

      Visa's position on this is that in-person fraud accounts for 2¢ out of every $100 spent. For them, it doesn't seem worth the investment for a very unlikely event, and the user is not responsible for fraudulent charges. The knowledge of this vulnerability has been out in the wild for several years, so it doesn't seem like it's been much of an issue in the real world. It sounds like they believe their efforts are better spent on other more impactful fraud.

      Though it is a neat demo of what is possible, the tech behind it is interesting, and it does give some idea of red flags to look out for.