A new video from the Veritasium YouTube channel shows that a specific vulnerability could allow someone to steal $10,000 from a locked iPhone—but you probably don’t need to worry.

Veritasium video highlights a niche security vulnerability that emerged in 2021

Apple continuously ships new security updates for the iPhone and documents them publicly.

However, a new video from Veritasium shows that a very specific vulnerability has been present since 2021 and has not been addressed to this day.

Professors Ioana Boureanu and Tom Chothia discovered that a locked iPhone could be tricked into making an NFC payment. A few specific tricks are sufficient for this.

The method involves tricking an iPhone into thinking that a payment terminal is actually a public transport terminal, abusing Apple’s ‘Express Transit’ feature. The video explains how the attack bypasses other Apple security measures to extract $10,000 from the iPhone.


The vulnerability only works when a Visa card is set up as the ‘Express Transit’ card in the iPhone’s Settings. It does not apply to Mastercard or other vendors.

Apple told Veritasium that the issue is a concern on Visa’s side.

Visa stated that cardholders are protected by a zero liability promise that covers any potential loss in the event the vulnerability is successfully exploited. However, it noted that such exploitation is “highly unlikely” under real-world conditions, though it acknowledged that it is possible in a controlled environment.
