How was Apple Pay used on a stolen iPhone?

My wife's phone was pickpocketed. We belong to Family Sharing, so I immediately tried to locate the phone using Find My iPhone. The phone could not be found at all. When trying to call her number, the phone had been switched off. 2 hours later, bank transactions went off and I immediately contacted the bank. They advised that Apple Pay had been used. When using the cards, either facial recognition is used or the passcode is required. Neither of which the criminals would have, which indicates a flaw in the security. How could Apple Pay have been compromised?


[Re-Titled by Moderator]

Posted on Apr 19, 2024 9:05 AM


Apr 19, 2024 10:06 AM in response to ReeceK14

The passcode could have been observed/captured hours or even days before. That’s the most likely scenario.


However, if you want to pursue the "Apple Pay was compromised" argument, there are multiple recent threads on the topic. But to date, Apple Pay has never been hacked; there is not even a proof of concept of any theory on how it could be done. If you’d like me to detail how it’s virtually impossible and explain the technology and security features behind Apple Pay, I’d be happy to detail how it works.



Apr 19, 2024 10:31 AM in response to Jeff Donald

We are sure that the most likely scenario is incorrect, unless the thieves travelled over 20km and waited for us at that specific store that we do not shop at frequently. As mentioned, my wife placed the phone away in her bag while she was still in the car, before getting out to go to the store (we live in South Africa so security is ALWAYS top of mind). The phone was not once taken out of her bag after getting out of the car, so there is no way possible the thieves could have seen any passcode... While I understand that there has not been a recorded hacking case like this before, I do believe that there is always a first time for everything.

Apr 19, 2024 10:52 AM in response to ReeceK14

Not just recorded, but no researcher has ever proposed a technology hack. Any compromise involves social engineering which involves learning passcodes, compromising people at the bank or the cellular provider and other means that involve human error. But the hardware and technology behind the system and process have never been compromised. Human error is another matter.

Apr 19, 2024 11:14 AM in response to Jeff Donald

There was a 2-hour window period between when the phone was stolen and when the first transaction went through. It was a fully online bank that was used, therefore they could not have gone to the bank. The cellular provider could then have been the only option... Are they able to access blocked phones?


A separate question... Her full name was at the back of the phone. Could the thieves have found her on social media and used her pictures to gain access using Face ID?

Apr 19, 2024 11:57 AM in response to ReeceK14

Online banks have a support team and they could have been social engineered into permitting use of the account. But this requires getting the passcode.


A photo has rarely (once?) been able to compromise Face ID. But a photo has been manipulated in software to compromise Face ID. It took the researchers hours to do and they never revealed the procedures used to unlock Face ID.


A blocked phone has never been compromised. When a phone is marked as lost using Find My, it’s locked.
