They manage to hack the contactless payment of an iPhone but Visa, which is responsible for this vulnerability, alleges that it is impossible to execute it outside a laboratory

Time: globisoftware

On: Apr/05/2022

iPhone users can use Apple Pay to pay for purchases contactlessly. Simply unlocking the phone and holding it near the payment terminal starts the transfer. However, within this functionality there is a feature that Visa offers on Apple devices and that allows contactless payment without unlocking the phone.

This Apple Pay feature developed by Visa serves to speed up payments at subway or bus turnstiles, and allows the user to simply hold their device near the reader without having to unlock it or open the application.

The problem: cybersecurity experts have discovered a vulnerability that lets an attacker abuse this contactless payment functionality, without needing to unlock the phone, to take large sums of money from victims.

Apple has told the BBC that the vulnerability is a matter for Visa, not for Apple. Visa, for its part, has argued that the payments it guarantees through this functionality are safe and that attacks of this type are "impracticable" outside a laboratory or any other controlled environment.

The hacked feature is Express Transit, or "express transport mode" according to Apple's own Spanish translation. To keep payments quick when boarding public transport, Visa has deployed devices in bus fleets and metro stations that the iPhone can be held against to make these payments while the phone is locked.

The vulnerability is in the Visa system within Apple Pay. This flaw, present in the express transport system, was discovered by Computer Science researchers from the Universities of Surrey and Birmingham. To demonstrate their findings, they have shared a video of £1,000 being extracted from a locked iPhone.

So far, only the BBC has had access to this video. The British broadcaster omits several details of the research to prevent it from being exploited by criminals, but in short, what the researchers have done is place a radio component that interferes with the signal between the surface of the Visa device and the iPhone.

The radio equipment is small and easy to buy in stores. It interferes with the iPhone's signal to the Visa terminal so that the money from the target phone ends up somewhere other than the accounts of the public transport the user is boarding. Since the iPhone thinks it is communicating with a subway turnstile, it does not need to be unlocked.

With the signals intercepted, an app developed by the researchers simultaneously carries out the transaction from the target iPhone to a payment terminal, which can belong to a business or be controlled by criminals.

In fact, this app runs on Android, and neither the Android phone running it nor the payment terminal that receives the intercepted money has to be close to the victim: they can even be on the other side of the world.

Although Visa alleges that this is a vulnerability that cannot be exploited outside a controlled environment, the British researchers have warned that a stolen or lost iPhone, even if it is locked, may be susceptible to being robbed with this technique. However, it is true that when users lose their phone, they usually block their payments and their device.

"We take threats to the security of our users very seriously. This vulnerability concerns the Visa system, but Visa does not believe that this type of fraud can take place in the real world given the multiple layers of security that are in the process," an Apple spokesman said in statements to the BBC.

"In the unlikely event that an unauthorized payment like this does happen, Visa has made it clear that its users are also protected by other Visa policies."

Andreea Radu, doctor and head of research at the University of Birmingham, is not so convinced. She also told the British public broadcaster: "There is some technical complexity, but the rewards for attackers are high (...). In a few years this could become a real problem."