How easy is it to steal $10,000 from a locked phone?
AI Summary
This video demonstrates a man-in-the-middle attack that bypasses iPhone security to steal $10,000 via Apple Pay without unlocking the phone. The hack exploits Apple's Express Transit mode and a Visa card vulnerability, using a Proxmark device to intercept and modify transaction data.
Marques's locked iPhone is tapped on a device that looks like a payment terminal. A $5 charge is approved without unlocking, showing the hack works.
The amount is increased to $10,000. The locked iPhone approves the transaction, demonstrating the hack can steal large sums.
The hack uses a Proxmark (NFC device) to intercept communication between the phone and reader, a laptop to modify data via a Python script, and a burner phone to relay the modified data to the reader.
The attack tells three lies: (1) to the phone that it's a transit reader (via Express Transit mode), (2) to the phone that $10,000 is a low-value transaction (by flipping a bit), and (3) to the reader that customer verification was done (by flipping another bit).
The communication between phone and reader is unencrypted for compatibility with older terminals. This allows the man-in-the-middle attack to modify bits.
The hack works only with an iPhone (because Express Transit mode trusts the reader's low-value label instead of checking the amount; the video contrasts Samsung's transit mode, which checks the actual amount) and a Visa card (because Visa has the reader verify the card's asymmetric signature only when the reader is offline, whereas MasterCard requires that check on every transaction).
Users can turn off Express Transit mode in Apple Wallet, which the video says is on by default, or avoid putting a Visa card in the transit slot. The hack was first made public in 2021.
Apple says it's a Visa concern; Visa claims the attack is unlikely in the real world and that customers are protected by zero liability. The video argues that refunds don't eliminate the stress of fraud.
The hack exploits a specific combination of iPhone Express Transit mode and Visa's lack of asymmetric cryptography for online transactions. While Apple and Visa downplay the risk, the vulnerability remains unpatched years after disclosure.
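The three bit flips and the signature check that would catch them, as an added Python model of the exchange described above (not code from the video or from the researchers it features). The message format here is a constructed abstraction with only the three bits the summary names plus the amount, not the real EMV/Visa field layout. The toy RSA uses the video's worked numbers, shared number N=55 and public number E=3; the private number D=7 is an assumption consistent with the video's "2 to the power of the private number gives 128", and the high-value threshold of 100 is an assumed stand-in for the UK's £100 contactless limit.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Toy RSA parameters from the video's worked example: shared number N=55 and
# public number E=3. The private number is not stated on the page; D=7 is an
# assumption consistent with "2 to the power of the private number gives 128".
N, E, D = 55, 3, 7
CVM_LIMIT = 100  # assumed threshold; stands in for the UK GBP 100 contactless limit


@dataclass(frozen=True)
class Request:
    """Reader -> phone. Constructed abstraction, not the real EMV message layout."""
    amount: int
    reader_may_be_offline: bool  # lie 1 flips this: 1 makes the phone treat it as a transit reader
    high_value: bool             # lie 2 flips this: the phone trusts the label, not the amount


@dataclass(frozen=True)
class Response:
    """Phone -> reader."""
    approved: bool
    cvm_performed: bool  # lie 3 flips this: "customer verification was done"
    signature: int       # toy RSA signature over the bits the phone actually saw and sent


def flag_digest(high_value: bool, may_be_offline: bool, cvm_performed: bool) -> int:
    """Pack the three bits into one integer below N so the toy RSA can sign it directly."""
    return (int(high_value) << 2) | (int(may_be_offline) << 1) | int(cvm_performed)


def sign(m: int) -> int:
    """Card signs: m^D mod N. With the video's numbers, sign(2) == 128 % 55 == 18."""
    return pow(m, D, N)


def verify(signature: int, m: int) -> bool:
    """Reader verifies: signature^E mod N must equal the data it expects to have been signed."""
    return pow(signature, E, N) == m


def locked_iphone_visa(req: Request) -> Optional[Response]:
    """Locked iPhone with a Visa card in the transit slot, as the video describes it.

    Returns None where the phone would demand Face ID / passcode, i.e. declines while locked.
    """
    if not req.reader_may_be_offline:
        return None  # ordinary retail reader: unlocking is required
    if req.high_value:
        return None  # transit reader asking for a high-value amount: verification required
    digest = flag_digest(req.high_value, req.reader_may_be_offline, cvm_performed=False)
    return Response(approved=True, cvm_performed=False, signature=sign(digest))


def retail_reader_request(amount: int) -> Request:
    """An online retail terminal: never claims to be offline, labels the amount honestly."""
    return Request(amount=amount, reader_may_be_offline=False, high_value=amount > CVM_LIMIT)


def reader_accepts(req: Request, resp: Response, scheme: str, reader_online: bool = True) -> bool:
    """Reader-side checks. 'mastercard' always verifies the signature; 'visa' only when offline."""
    if not resp.approved:
        return False
    if req.high_value and not resp.cvm_performed:
        return False  # the reader's own defence: high value needs customer verification
    if scheme == "mastercard" or not reader_online:
        # The reader expects a signature over what IT sent and what IT received.
        expected = flag_digest(req.high_value, req.reader_may_be_offline, resp.cvm_performed)
        if not verify(resp.signature, expected):
            return False  # the phone signed a low-value transit transaction, not this one
    return True


def honest_run(req: Request, scheme: str) -> bool:
    """Phone and reader talk directly, nothing in between."""
    resp = locked_iphone_visa(req)
    return resp is not None and reader_accepts(req, resp, scheme)


def mitm_run(amount: int, scheme: str) -> bool:
    """Proxmark + laptop + burner phone in the middle, telling the three lies."""
    req = retail_reader_request(amount)
    # Lies 1 and 2, on the way to the phone: "I may be offline" and "this is low value".
    seen_by_phone = replace(req, reader_may_be_offline=True, high_value=False)
    resp = locked_iphone_visa(seen_by_phone)
    if resp is None:
        return False
    # Lie 3, on the way back to the reader: "the customer verified this".
    seen_by_reader = replace(resp, cvm_performed=True)
    return reader_accepts(req, seen_by_reader, scheme)


if __name__ == "__main__":
    print("video's RSA example: sign(2) =", sign(2), "verify ->", verify(sign(2), 2))
    print("honest $5 transit tap, Visa      :", honest_run(Request(5, True, False), "visa"))
    print("honest $10000 retail, locked     :", honest_run(retail_reader_request(10000), "visa"))
    print("MITM $10000, Visa, online reader :", mitm_run(10000, "visa"))
    print("MITM $10000, MasterCard          :", mitm_run(10000, "mastercard"))
```

The scheme branch in `reader_accepts` is the whole difference: the phone's signature covers the bits it actually saw and sent (offline-capable, low value, no verification), so a reader that verifies it against the bits it sent and received rejects the relayed approval, while a reader that skips the check because it is online has only the forged verification bit to go on.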
Clickbait Check
95% Legit: "The title accurately reflects the content: the video shows exactly how easy it is to steal $10,000 from a locked iPhone."
Study Flashcards (8)
What is the name of the NFC device used to intercept the phone's signal?
easy
Proxmark
05:12
What three lies does the man-in-the-middle attack tell?
medium
1) To the phone: it's a transit reader. 2) To the phone: $10,000 is low-value. 3) To the reader: customer verification was done.
05:53
Why is the communication between phone and reader unencrypted?
medium
For compatibility with older terminals that cannot be updated all at once.
11:47
Which phone and card combination makes this hack possible?
easy
iPhone (with Express Transit mode) and a Visa card.
14:26
How does MasterCard prevent this attack?
hard
MasterCard requires asymmetric cryptography (digital signature) for all transactions, which would detect the modified data.
16:36
What is Express Transit mode?
easy
A feature introduced by Apple in 2019 that allows transit payments without unlocking the phone.
06:35
How can users prevent this hack?
easy
Turn off Express Transit mode in Apple Wallet or avoid using a Visa card in the transit slot.
21:37
What is the fraud rate for in-person card transactions according to Visa?
medium
2 cents for every $100 of spend.
24:10
🔥 Best Moments
$10,000 approved on locked phone
The moment the $10,000 transaction is approved on a locked iPhone without any verification is shocking and demonstrates the hack's power.
03:19
Tom Scott becomes a victim
Tom Scott's phone is hacked for a souvenir receipt, adding humor and showing the hack works on multiple iPhones.
20:32
Analogy to airline safety
The video compares Visa's acceptance of fraud to airlines accepting crashes, arguing that refunds don't eliminate the need for prevention.
24:50
Full Transcript
[00:01] iPhone. I really hope it doesn't work. I really you to put that phone down on top of this device. Okay. >> Just Just put it down. That's just Put it on like a All right. I feel like I'm
[00:14] haven't changed anything, right? Okay. Yeah. It's It's still locked. just a regular payment terminal. Nothing Nothing weird about that. >> Seen these. We'll start with a little like maybe 100 No, maybe $5. Let's start
[00:26] five. That sounds great. Yeah, five bucks. we be able to get this out of your phone? hope not, but I kind of feel like you will.
[00:39] Let's see. So, now I'm going to charge $5 on this right? Yep. I I haven't done anything. It's like a David Blaine. >> [laughter]
[00:52] >> Sweet. So, let's try a tap. We'll go. Approve Whoa, whoa. Approved. So, okay. I heard something happen on my phone
[01:06] I heard something happen on my phone while you tap this on this. Yes. >> [laughter] >> We got a little receipt for you.
[01:21] Uh credit verified on device $5. So, I'm going to check my phone. I'm going to check my phone. Uh oh, I have a new $5 charge. >> [laughter] >> And it's timestamped right now.
[01:36] >> [laughter] >> So, that's concerning. [music] Oh, so my phone had to be on this thing. >> Yes. Did it have to be on this thing or like near it, I guess? So, the way Whoa. I could explain how it works, but maybe
[01:49] I could explain how it works, but maybe before that $5 is not very much. Yeah. Do we want to try upping it a bit? I I'm going to enter a slightly larger amount. Careful.
[02:01] Careful with that. Careful. Careful. That's a lot of zeros. Careful with that. Oh my god. Okay. Do you Do you even think it's possible first firstly? $10,000. I mean, the credit the limit on the card is above
[02:14] that. I don't know if Apple Pay will let you do that. The question is also are you used to spending this amount of money on this card, you know? >> Not from my phone. This is like a big
[02:26] screen activity. Like $10,000 [laughter] $10,000 purchase. So, I got to be this would be unusual. Let's see it. Let's see if it works. Okay, I'm going just All you All we got to do again, put your phone locked
[02:40] >> Phone on this device. Locked on that device. Yes, exactly. Okay, we're going to start the script again.
[02:55] Okay. Mhm.
[03:07] Mhm. No, it's just just [laughter] Print that out. Print that. Oh, we did that.
[03:19] Oh my god. So So, uh yeah, I'm I'm going to need that back. Yeah. [laughter] For sure, I'm going to need that back. But also, did that just Yeah, wow. It worked. $10,000. All right. I believe
[03:34] I definitely believe you. Uh How do we get this back? We do like a little Venmo or like PayPal [laughter] the transaction? I don't even know. Do I call my That's crazy.
[03:48] want to Yeah. get it framed. A receipt [laughter] of the phone. I never put in the password. I never did what I would normally do to phone. Yes. It just happened to be on top of that.
[04:04] So, how did we do it? Well, we teamed up with two cybersecurity experts, and we went to visit them at the University of Surrey, where they ran us through a unique hack that they developed to bypass a phone's lock
[04:17] inside its mobile wallet. Without unlocking my phone is the is the real magic part. That's crazy. And the craziest thing of all is that this hack was made public back in 2021. So, people have known that it's possible to take
[04:30] money from locked phones in this way for 5 years. So, what kind of amounts does this The only limit is how much someone has in their [music] bank account. fixed. So, how does it work?
[04:46] Well, whenever you use tap to pay, your phone and the reader exchange information about the transaction. But they send this information through the air by a shared magnetic field. So, we can intercept the communication and
[04:58] alter it. All we need to do is to insert our own devices in between the phone and >> First, we tap Marques's phone against this. It's an NFC device called a Proxmark. To Marques's phone, the Proxmark looks like a typical card
[05:12] transaction data. That Proxmark then sends that data Python script to modify it. >> [music] >> Next, the laptop sends the data to our burner phone, which I tap on the actual
[05:25] card reader. To the reader, my phone looks just like Marques's. So, both Marques's phone and the card reader think they're talking directly to When in fact, all their communication goes through our series of devices.
[05:38] This is a classic man-in-the-middle attack. the data is actually the easy part. The hard part is what you need to do to that data to trick the phone and the reader into authorizing the transaction.
[05:53] attack, you have to get past three layers of defense on both systems. And to do that, we have to tell both three lies, two to the phone and one to the reader.
[06:07] simplest. The phone is locked. And in an ordinary transaction, you have to unlock your phone to pay. But this is no ordinary transaction. So, you know, if feature that Apple's created where, you know, when you walk through, they don't
[06:20] you know, having to unlock their face and, you know, maybe they're wearing a >> express [music] transit mode. Apple introduced express transit mode in 2019 to let you make transit transactions without having to unlock your phone.
[06:35] The way this works is that the payment terminals on the subway or on the bus as a transit terminal. Then, when you tap your phone to pay, it looks for whatever card is in the transit slot of its mobile wallet and it pays without
[06:48] needing to unlock. This is super convenient, but we can also abuse it. We found out how this worked by going to London Underground with our laptops and our equipment and actually scanning the signals
[07:01] and seeing what the gate was saying to the phone. >> And that's how we discovered this code the gate sent, which unlocked the phone. We used the Proxmark to broadcast that same [music] code, which fools Marques's
[07:14] reader. So, when we tap Marques's phone against the Proxmark, it's now expecting to receive another message with the details about the transit transaction. look like in binary code. Each of these bits carries important
[07:29] the important part of this message for us is this bit. An authentic transit transaction would have a one right here. This tells the phone that the reader may be offline, like if it's underground on the subway, in which case the phone
[07:43] authentication. So, when Marques's phone receives the transaction request from what it thinks is a transit reader, it's going to be expecting that value to be set to one. But in reality, the device sending the
[07:56] request is our retail reader. And this reader is online, which means that that bit is currently set to zero. Therefore, to trick the phone into accepting the from the reader, pass it through our
[08:08] computer, and we change that zero to a one. So, by the time the message gets to Marques's phone, it looks like a transit transaction. As this communicates through our computer, we're we're convincing the
[08:21] transit terminal. But now there's a second line of defense we need to break. With this first lie, we bypass the need trick it into making small payments of a few dollars,
[08:35] we suddenly went and asked the phone for $10,000, well, its guard would go way back up. After all, it's pretty unusual for a transit reader to ask for such a >> So, this activates a second layer of
[08:50] defense, customer verification. On contactless payments like this, there are two categories of transaction. We got high value and low [music] value. high value requires additional verification from the customer.
[09:04] For example, in the UK, most banks require a PIN or fingerprint or facial £100. So, for us to get this $10,000 payment through without customer verification,
[09:16] we need to trick the phone into thinking that $10,000 is in fact a low value transaction. And that's actually surprisingly simple. That's because to determine whether the transaction is high value, Marques's
[09:29] phone doesn't actually look at the numerical value of $10,000. [music] It just looks at another single bit of information in the transaction data. A one here means high value and zero means low. The reason for this is that the
[09:42] varies from country to country. And of different currencies. So, a simple label allows the flexibility to deal with the limits to be changed without the banks needing to issue new cards.
[09:57] message from the reader, flip that bit to a zero, and then the phone will value, even though it's for $10,000. request for a $10,000 transaction, it doesn't ask for customer verification.
[10:13] It just goes ahead and authorizes the transaction. data so easy to tamper with?" And we'll get to that in just a minute. But, we overcome. See, with these first two lies, we bypassed unlocking the phone,
[10:30] high-value transaction without asking for verification. So, the phone is fully payment. But, we still need to convince the reader that the transaction is And this is where our third lie comes in.
[10:45] When Marques's phone replies, it says it's approved the $10,000 transaction, but it also says that it hasn't asked for customer verification. No PIN, no fingerprint, no facial recognition. But, if the reader sees this, it'll reject
[10:58] the transaction, because it knows that the $10,000 payment it originally asked for is high value, and should therefore require customer verification. So, now thinking that the customer has verified the payment.
[11:11] So, we intercept the response from Marques's phone, and look for the bit of information that says customer verification hasn't been done. Then, we change it to say that the payment has been verified by flipping
[11:23] this zero to a one. Now, the reader's happy. It forwards the information onto the bank, and the bank authorizes the payment. been verified by the customer on their device.
[11:47] verified. You didn't verify it. Right. So, why isn't all this information encrypted? That would make it impossible Well, the way the phone and reader communicate has to be compatible with
[12:00] which would be impossible to update all in one go. So, for that reason, the information we've looked at so far is just sent across unencrypted. all have checks in place to make sure an attack like [music] this can't happen.
[12:15] And normally, it can't. Except if you happen to use a specific type of phone [music] and a specific type of card. Because when you combine them in this particular scenario, they create a loophole.
[12:28] So, our hack relied on a specific phone and credit card combination. We also used a sophisticated method developed by cybersecurity experts. But, hackers or scammers online, well, they don't need to be that smart. Often, they can just
[12:41] started working at Veritasium, I was on a work trip to go meet Derek for the first time, and I got an email from somebody who was saying he was Derek ton of sense. I was leaving the airport, so I just responded by sending my phone
[12:55] let me look at that." I checked the email, not Derek. Of course, for the next few months, I was just getting scam call after scam call. That's one way but it's not just scam calls like that. I've also had that feeling after news of
[13:09] a major data breach. I wondered whether me using some website has led to my personal information being exposed somewhere without me even knowing about it. But, you can protect your personal info with today's sponsor, Incogni. See,
[13:21] whenever scammers purchase your email, phone number, and even your home address from data brokers, Incogni automates the grueling process of requesting that information. Okay, so I've had this since June 2025, and since then, we've
[13:35] had 94 different removal requests. And I really like how you can track the progress in this dashboard here. They've estimated that that's saved me 70 hours and 30 minutes of my own time if I were to reach out to these people myself. And
[13:47] feature in their unlimited plans, you can point to any specific site where of their privacy agents will take care of the rest. So, to take your data off the market today, go to incogni.com/veritasium,
[14:01] and then use code Veritasium for 60% off. You can click the link below, or you can scan this QR code to claim that 60% off and get your personal data off the market. I want to thank Incogni for sponsoring this video about taking money
[14:14] from Marques Brownlee. And now, let's get back to that thing. >> [laughter] >> So, which combination of card and phone make this hack possible? Firstly, the phone has to be an iPhone.
[14:26] As we saw earlier, when an iPhone is deciding whether to ask for customer verification, it doesn't look at the numerical value of the transaction. It only looks at the high value or low value label provided by the reader.
[14:38] >> [music] >> For example, when a Samsung phone goes into transit mode, it doesn't rely on this low value label from the reader. It looks at the actual numerical value of the transaction, and it only accepts
[14:50] Then, it relies on the transport you've used the subway, and then to send you a bill at the end of the day. So, if a Samsung phone saw a transit terminal trying to charge you $10,000
[15:03] >> [music] >> it would immediately reject it. But, it's not just Apple's transit mode that makes this hack possible. You've got to have one specific type of card in the transit slot.
[15:15] It was [music] truly a design feature that was introduced by the way you mixed works with a Visa card, but wouldn't, let's say, a MasterCard, comes down to the different processes they use to verify transactions. So, what is it
[15:30] about Visa's verification process that makes this hack possible? In a previous video, we saw that any card transaction relies on a secret the bank. When you tap the card or phone onto a
[15:43] reader, the reader sends across a long string of transaction details. The card that message into a unique code for the transaction. The card sends this to the reader, which the reader forwards onto the bank along
[15:56] with the raw transaction details. The bank then applies its own secret key to the raw data as well. And if the output matches the one from the card, the bank authorizes the transaction. This is called symmetric cryptography,
[16:09] secret key. [music] transactions, no matter whether you have a Visa, a MasterCard, or something else. security, which MasterCard uses in all of its transactions, but in this
[16:24] particular case, Visa doesn't. This layer of security is not between the card and the bank, but between the card and the reader. And it's at this step where MasterCard thwarts our attack.
[16:36] This second step relies on asymmetric cryptography, keys, a private key for the card and a public key for the reader. It starts with the reader sending across
[16:48] just like before. The card then uses its private key to string of digits. >> [music] the transaction. The card sends this signature back to
[17:01] the reader along with the public key, which the reader then uses to verify specific card for this specific To illustrate how this works, let's consider a simple example.
[17:14] two components. N is a shared number. In this case, let's say 55. D is the card's private number. Let's And E is the public number. Let's say three.
[17:27] raw transaction data, it represents it as one long number. But, for simplicity, we'll use a much smaller one. Let's say two. To sign for the transaction, the card or the phone raises the transaction number,
[17:40] in this case two, to the power of its private number. So, we get 128. And then, divides this by the shared number, 128 [music] over 55, which leaves a remainder of 18. And this is the card signature, 18,
[17:54] which it sends onto the reader. Now, the reader needs to know whether the transaction is valid. So, it takes the card signature and raises it to the power of the public number. Then, it takes the remainder
[18:06] 55, and you get two. This matches the sent to the card. The reason this works is that the >> [music] >> so that when combined with the shared
[18:20] reverses the operation of the private key. And this allows the reader to verify that the card signature is valid without ever having seen its private This is based on a type of cryptography
[18:33] involved are much larger, >> [music] because that makes it virtually impossible to reverse engineer the And it also means that even a one-digit change in the transaction data will
[18:47] [music] in which case, the reader won't approve the transaction. This is a problem because we've modified the data. The reader's expecting a signature for a high-value retail transaction,
[19:00] but we intercepted the communication, so the phone signature is actually for This wouldn't pass the asymmetric signature check. But, while MasterCard always requires this asymmetric verification, which
[19:13] Visa doesn't. They only require this signature in reader's offline. For example, when you're underground with no signal, there's no way for the reader to communicate with the bank for
[19:26] cryptography, at least not until it comes back online. reader is online the whole time. That way, it doesn't bother using the contains the signature that would unravel our lies.
[19:41] the phone into thinking it's interacting with the transit reader, and transit where Visa does require the asymmetric signature, since the reader could be underground on the subway and therefore offline.
[19:54] >> So, the phone actually does send across its signature to the reader. But, the reader doesn't check it because in reality, the reader's online. So, instead it just relies on that first layer of security with the bank.
[20:06] Even though if it did check the phone signature, it would have all the evidence it needed to stop the hack. So, yeah. There you go. Makes sense that it's that sophisticated cuz it shouldn't be that easy, but that's still seemed
[20:18] And Marques was not the only victim. I thought it was only fair that I first tried it out on myself. >> [music] >> Yeah, here. Your souvenir from the UK from Tom and me.
[20:32] theft. >> [laughter] >> And then I got another victim with a bit of a bigger budget. Our channel has a nearby. What we're doing is we're setting it to be your transit card.
[20:45] in London you have to use the tube, it'll take money from this [music] card. Something just happened. Yeah. >> [laughter] >> How do you feel about that? >> Oh my goodness, mate. Oh my god.
[20:58] >> There you go. We were just going to meet for a drink. agreement. In the real world, say you had your phone in your pocket. Yeah. I would walk by you Yeah. doing this and Tom would
[21:12] have this in a shop and pay. The easiest way for this to actually be a crime would be a stolen iPhone. Sure. And then someone goes and spends thousands of pounds. So, yeah. You can You could buy a car
[21:24] with this. Jeez. Yeah. Yeah, theoretically. Jeez. Yeah. Wow. I guess all this information publicly and you're telling us we're walking in through it How does it How do we stop people from using this
[21:37] for Or it Can we stop people? Like Who's Who's responsibility is is it to stop Oh, whose responsibility is it is an interesting question. But, you can stop it by turning transit mode off. Or not turn it off and not have a Visa card in
[21:49] transit mode on an Apple. Yeah. And you do need to be careful because as Apple Wallet, Express Transit mode is turned on by default. This hack was first made public way back in 2021 after the professors had
[22:04] >> [music] >> And to get to the bottom of why it's still possible, we reached out to Apple and they didn't agree to an interview, but here's what they said. This is a concern with the Visa system, but Visa
[22:17] likely to take place in the real world. Visa has made it clear that their card holders are protected by Visa's zero liability policy. position when the hack was first made public back in 2021.
[22:31] So, it seems like Apple are basically saying, "Well, this is a Visa problem." thought. I think this specific vulnerability is likely within a controlled setting, very unlikely from a scaled real world
[22:45] is from a consumer perspective [music] is that in the cases where ability to dispute this transaction and get their refund returned to them. I I think that's fair. You're saying it's not entirely scalable and then even
[23:00] money back. Like that's that's a great It's a great stance. I still think though a lot of people and I think our audience would really want to hear that changes to stop this from ever happening again.
[23:13] perspective and whether [music] the network level defenses that we have are effective in making sure that this type of vulnerability is isolated, we believe it is effective because if it
[23:26] wasn't, you would hear a lot more data about how this is an issue and it simply isn't. The The point that I'm making is that you're never going to be able to completely eradicate any specific type of fraud cuz it's going to exist,
[23:42] >> Yes. What I'm saying is that we have the right detections in place to ensure that >> [music] >> Would it not be even better to just say this type of fraud is not possible? Why not just say it's not probable? Why not
[23:57] implementing an actual technical change? If you think about for every $100 of spend that occurs on card payments, 10 cents of that is lost to fraud.
[24:10] So, every $100, 10 cents. If you look at in-person transactions, >> which is what kind of this topic is really much more related to, that number goes down to 2 cents for every $100 of
[24:24] fraud that's being made. So, I've been thinking about this hack people who are afraid of flying. Statistically, you're a lot more likely to crash on the drive to the airport than you are in the air. So, I do
[24:37] understand Visa's argument generally. Compared to other kinds of fraud, this is just a drop in the ocean. But, airlines don't accept a small inevitable cost of doing business. [music]
[24:50] No, anytime there's a crash, they analyze it meticulously. Then they do everything in their power to make sure that it's never going to happen again. money back [music] and that's great.
[25:02] >> [music] >> and then wait. Imagine waking up to see $10,000 gone from your account. That's money for rent, insurance, car payment, or a medical bill. Even if the refund does come, the stress
[25:16] before is going to be very real. So, for me the question is whether just saying fact is good enough or when a system touches the lives of so many people, should we expect better?
[25:34] >> [laughter] >> Yes. >> Yes. Okay, we got the