Researchers Stole $10,000 from MKBHD via Apple Pay.
$10,000 Apple Pay Heist: Researchers Exploit "Express Mode" Vulnerability to Rob MKBHD
In a chilling demonstration featured on the popular documentary channel Veritasium, researchers from the University of Surrey and the University of Birmingham successfully siphoned $10,000 from tech YouTuber MKBHD (Marques Brownlee). The most alarming part? The transaction was authorized while the iPhone remained locked, without any biometric confirmation or user interaction.
The Vulnerability: A Man-In-The-Middle (MITM) Flaw
The attack exploits Apple Pay "Express Mode," a feature designed for convenience in public transit that allows small payments without unlocking the phone. The researchers identified a critical lack of verification in the communication between the iPhone and the card reader:
Flag Manipulation: Apple Pay does not independently verify the transaction amount. Instead, it relies on a "flag" from the reader. Researchers intercepted this communication, tricking the iPhone into believing a $10,000 request was a low-value transit payment.
The Visa Loophole: Unlike Mastercard, which requires a digital signature for every transaction, Visa’s protocol allows online card readers to skip signature verification if the system is connected to the internet. This "trust-based" approach allowed the researchers to modify the message data mid-transit without being detected by the security protocols.
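To make the trust boundary concrete, here is an added toy model written for this article; it is not the researchers' setup and not Apple's or Visa's actual protocol. It contrasts a phone-side policy that accepts the reader's "low-value transit" flag at face value with one that requires the reader's tag to cover the amount and enforces a cap on transit-flagged taps. The HMAC key, the cap, the message fields and all function names are assumptions made for the illustration.

```python
"""Constructed model of the Express Mode trust boundary (illustration only,
not Apple Pay's, Visa's or the researchers' protocol)."""
import hashlib
import hmac
from dataclasses import dataclass

TRANSIT_CAP_CENTS = 500              # assumed cap for a transit-style tap ($5.00)
SHARED_KEY = b"demo-key-not-real"    # constructed key for this toy's HMAC


@dataclass
class ReaderMessage:
    amount_cents: int
    transit_flag: bool               # reader's claim: "low-value transit tap"
    tag: bytes                       # reader's HMAC over the fields it vouches for


def sign(amount_cents: int, transit_flag: bool) -> bytes:
    """Reader-side tag binding BOTH the amount and the flag together."""
    covered = f"{amount_cents}|{transit_flag}".encode()
    return hmac.new(SHARED_KEY, covered, hashlib.sha256).digest()


def phone_trusts_flag(msg: ReaderMessage) -> bool:
    """Weak policy (the article's scenario): a locked phone authorizes any
    transaction the reader labels as transit, without checking the tag or
    the amount at all."""
    return msg.transit_flag


def phone_verifies(msg: ReaderMessage) -> bool:
    """Hardened policy: the tag must cover the amount actually being charged,
    and a transit-flagged tap must additionally stay under the cap, no matter
    what the reader claims."""
    expected = sign(msg.amount_cents, msg.transit_flag)
    if not hmac.compare_digest(expected, msg.tag):
        return False                 # amount or flag changed after signing
    if msg.transit_flag and msg.amount_cents > TRANSIT_CAP_CENTS:
        return False                 # "transit" taps are capped regardless of tag
    return True


def run_scenario() -> dict:
    """Exercise both policies on a legitimate $2.50 tap, a copy whose amount
    field was altered to $10,000 after the reader signed it, and a correctly
    signed but over-cap transit message."""
    legit = ReaderMessage(250, True, sign(250, True))
    # Constructed tampered copy: only the amount differs; flag and tag are
    # exactly what the reader produced for the $2.50 tap.
    altered = ReaderMessage(1_000_000, legit.transit_flag, legit.tag)
    over_cap = ReaderMessage(1_000_000, True, sign(1_000_000, True))
    return {
        "weak_legit": phone_trusts_flag(legit),          # True
        "weak_altered": phone_trusts_flag(altered),      # True: $10,000 is waved through
        "hard_legit": phone_verifies(legit),             # True
        "hard_altered": phone_verifies(altered),         # False: tag no longer matches amount
        "hard_over_cap": phone_verifies(over_cap),       # False: cap applies even when signed
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:14s} -> {'AUTHORIZE' if outcome else 'REJECT'}")
```

The two checks in `phone_verifies` are independent defenses: binding the amount into the signed data catches modification between reader and phone, while the cap limits the damage even if a reader itself is dishonest. A phone that only reads the flag, as in `phone_trusts_flag`, has neither.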
Corporate Response: "Low Risk" vs. Consumer Safety
Although the researchers alerted both Apple and Visa as early as 2021, a permanent fix has yet to be implemented.
Apple deferred to Visa’s "Zero Liability" policy, which protects customers from unauthorized charges.
Visa’s Senior VP, Michael Jabbara, downplayed the threat, stating that such sophisticated attacks are difficult to scale globally and that fraud protection measures are already in place to refund affected users.
The Industry Dilemma: Compatibility over Security
This incident highlights a systemic issue in the banking industry. Financial institutions often prioritize backward compatibility with millions of legacy card readers over airtight security. For example, the phase-out of magnetic stripe technology has taken decades and is not expected to be complete until 2033. Currently, the industry tends to rely on liability policies (deciding who pays for the loss) rather than enforcing newer, more secure technologies that close vulnerabilities permanently.
The Express Mode feature is designed for a "frictionless experience," a core principle of Apple products. However, in terms of security, "friction is your friend." This incident shows that the more user-friendly a technology is, the deeper its vulnerabilities may lie.
While Visa has policies to protect cardholders, the dispute process is often time-consuming and complicated for users. In MKBHD's case, $10,000 might not have a significant impact, but for the average user, the temporary loss of that amount could have life-threatening consequences.
Even though Visa claims the attack is difficult to implement on a large scale, remember that attackers can use AI-driven automation to scan and intercept signals more quickly. If attackers place small devices at crowded public payment points, the damage could be immense before it's detected.
If you're concerned about this vulnerability, the simplest way to protect yourself is to disable Express Mode for credit/debit cards in Apple Wallet and use it only for transit cards with low spending limits, or set up low-threshold spending alerts that notify you immediately when money is being withdrawn from your account.