N
Insight Horizon

If You Use Your iPhone to Do This, Check Your Bank Account, Experts Warn

Author

Isabella Wilson

Updated on February 23, 2026

A young woman using her iPhone while riding a bike through the city
Shutterstock

Even if you don't consider yourself good with technology, there's a good chance your phone is the primary way you get things done. After all, the convenience of having a device in your pocket that can do everything from booking a flight to having your favorite meal brought to your door has revolutionized the way we go about our daily lives. But our newfound reliance on gadgets can sometimes make us vulnerable to serious security breaches. Now, experts warn that hackers can take advantage of anyone who uses their iPhone to do this one everyday action. Read on to see what you can do to protect yourself.

RELATED: If You Use This Popular Phone, You Could Lose Access to Your Email and Calendar.

Hackers have exploited the Express Transit feature on the iPhone to steal money.

man paying with apple pay on public transport
Shutterstock

Using your iPhone to board a bus or subway train with its contactless Express Transit feature has undoubtedly made life easier for commuters. But according to new research from teams at Birmingham and Surrey Universities, it has also made it much easier for hackers to target the devices and steal cash from them.

In a video released to the BBC, the team demonstrated a locked iPhone tricked into approving a contactless payment of £1,000. The transaction was completed by using an Android phone running a program that mimics a ticketing terminal seen in public transportation systems. But while Express Transit relies typically on the device being swiped over a reader to be activated, the researchers explained that hackers running the program don't even necessarily have to be physically close to victims to poach such payments—and all without the use of a passcode, Face ID, or fingerprint.

"It can be on another continent from the iPhone as long as there's an internet connection," Ioana Boureanu, PhD, one of the researchers from the University of Surrey, told the BBC.

The exploit specifically affects accounts with Visa bank cards attached to Express Transit.

visa company name origins

The researchers specified that the security exploits they discovered specifically put any iPhone with a Visa bank card attached to its Express Transit feature in danger. Similar tests against phones using Samsung Pay or a Mastercard were unsuccessful in stealing the funds.

Even though the conditions were created in a lab and there's no evidence that thieves have used the vulnerability to steal cash, some experts feel the potential open door for thieves could soon have serious consequences. "Perhaps the greatest worry is for a lost or stolen phone," Ken Munro, a researcher with cyber security consultancy Pen Test Partners who was not involved in the research, told the BBC. "The crook doesn't have to be concerned about being spotted by others as they carry out the attack anymore."

RELATED: Android Users Are Being Charged Hundreds After Clicking on This Message.

Both Apple and Visa have refused to accept responsibility for the security flaw.

a hacker doxing someone online
Shutterstock

Despite having shown footage of their findings to both Apple and Visa nearly a year ago, neither company has fixed the security issue. In a statement from a Visa spokesperson, any such fraudulent payments were called "impractical" and compared them with other similar "contactless fraud schemes" that haven't been able to be executed in the real world over the past decade.

Apple took a similar stance when faced with the results, with a spokesperson for the company telling the BBC: "We take any threat to users' security very seriously. This is a concern with a Visa system, but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place."

Unfortunately, the research team fears that such responses mean the exploit could be left unsolved long enough for criminals to take advantage of the vulnerability. "Our work shows a clear example of a feature, meant to incrementally make life easier, backfiring and negatively impacting security, with potentially serious financial consequences for users," Andreea Radu, PhD, the study's lead researcher from the University of Birmingham, told the BBC. "Our discussions with Apple and Visa revealed that when two industry parties each have partial blame, neither are willing to accept responsibility and implement a fix, leaving users vulnerable indefinitely."

For more tech tips sent straight to your inbox, sign up for our daily newsletter

The researchers recommend removing any Visa card attached to the feature for now.

A closeup of an Apple Wallet icon being displayed on an iPhone
Shutterstock

In light of the findings, a company spokesperson said that "cardholders are protected by Visa's zero liability policy" from any fraudulent payments or theft. But the research team says that it's still best for people to take security concerns into their own hands for the time being.

"iPhone owners should check if they have a Visa card set up for transit payments, and if so, they should disable it," Tom Chothia, PhD, one of the study's co-authors from the School of Computer Science at the University of Birmingham, told the BBC. "There is no need for Apple Pay users to be in danger, but until Apple or Visa fix this, they are."

RELATED: If You Get This Email From Amazon, Delete It Immediately.

Zachary Mack Zach is a freelance writer specializing in beer, wine, food, spirits, and travel. He is based in Manhattan.Read moreFiled Under •  • Read This Next
  • woman reading email at desk

    Don't Click on This Message From Apple

    It could mean major trouble for you and your bank account.October 1, 2021
  • A young woman sitting in a cafe while answering a phone call with a confused look on her face

    Hang Up If You Hear This When You Answer the Phone

    This one trick could save you from a flood of spam calls in the future.August 16, 2021
  • Wine counterfeit, over 40

    The Smart Man's Guide to Spotting Counterfeit Wine

    That $2,000 bottle of Bourdeaux might be worth $20. Here’s how to be sure it’s the real thing.April 13, 2017
  • Friend date, friendship, female friendships, red wines

    The 5 Best Light-Bodied Red Wines for Extending Your Summer

    Don't let September ruin a killer party. August 25, 2017

  • 17 Insanely Cool New Luxury Bicycles for Spring

    Meet the bikes that cost more than a car.March 31, 2017

  • Best Life Essentials

    You deserve the best. Live life to the fullest with these ultimate essentials.October 21, 2016
  • Raw meat

    This Is the Safest Way to Store Meat

    Don't let that filet set you up for food poisoning. February 7, 2018
  • winklevoss twins on instagram

    Here Are the 10 Wealthiest Cryptocurrency Millionaires Under 40

    Including one guy who is only 24 years-old!February 7, 2018
  • Server closing restaurant

    This Is the Safest Way to Clean Your Floors

    Keep your floors clean and looking brand new with this easy tip. February 8, 2018
  • real estate, open house. second date ideas

    15 Things Your Real Estate Agent Won't Tell You

    These are sure to shock even the most intrepid homebuyers. February 14, 2018

Related Documentation

Dancing With The Stars Tom Bergeron Admits His Firing Got Ugly

10 Frighteningly Fun Facts About the Haunted Mansion

Piolo Pascual Net Worth

Hire Sisters With Voices (SWV) for a Corporate Event or Performance Booking.