The video of $10,000 being stolen from an iPhone has caused a lot of concern about Apples payment security.. The truth is more complicated than what the headlines say. Let us break this down in a way so you understand what happened how it works and whether you should be worried.

🔍 1. What happened in the video?

The video was made by researchers. Shown on the YouTube channel Veritasium with the help of a popular tech YouTuber named Marques Brownlee. They took an iPhone, which means the screen was off and no Face ID or PIN was used and placed it near a device. In a few seconds a $10,000 payment was made successfully. The owner of the phone did not unlock it. Approve anything. This was not a hack but a controlled demonstration of a known problem that was first found in 2021.

⚙️ 2. The key feature behind the problem: Express Transit Mode

The issue is with a feature called Express Transit Mode in Apple Pay. This feature lets you pay for metro or bus rides without unlocking your iPhone. You do not need Face ID, Touch ID or a passcode. It works instantly for speed and convenience. For example you can tap your iPhone at a subway gate. The payment will happen automatically. The problem with this feature is that it removes a security step, which is user authentication.

👉 The issue is that this convenience makes it easier for someone to make a payment without your approval.

🧠 3. How the attack works

This attack is not magic it is a “man-in-the-middle” attack using NFC or Near Field Communication. Here is how it works: a hacker places a device like Proxmark near your iPhone. The phone thinks it is talking to a transit system. It sends payment data wirelessly using NFC. A computer intercepts that data and the attacker modifies the signals. The payment is then sent to a payment terminal and the bank approves it as a legitimate transaction. The result is that money is deducted from your account without you unlocking your iPhone.

🧩 4. The technical flaw

This exploit works because of three weaknesses combined. First the phone is tricked into “transit mode” so it thinks it is at a subway gate. Second the transaction value is manipulated so $10,000 is disguised as a “value” payment. Third the verification status is faked,. The system is told that the user already approved the payment. This means that the iPhone thinks it is a “low-value transit payment” the terminal thinks the user verified it and the bank thinks everything is valid.

💳 5. Why this mainly affects Visa

This is very important. The problem mainly affects iPhone users who use Apple Pay with a Visa card and have Express Transit enabled. It is safer to use Mastercard because it has cryptographic checks. The reason is that Visa does not always verify signatures but Mastercard always does. This means that tampering can go undetected in this case.

👉 That is why this problem mainly affects Visa users.

🧪 6. Is this a real-world threat or just a lab experiment?

This is possible. Not easy. It requires hardware like a Proxmark device and technical expertise. It also requires proximity to the victim and it only works in a specific setup. Even experts say that this is “unlikely in situations”.

⚠️ 7. When could this actually be dangerous?

Even though it is complex there are scenarios where this could be a problem. For example if someone steals your iPhone they could use this method before you block your card. It could also happen in public places like airports or metro stations, where an attacker could get close enough to your iPhone. Additionally if someone knows you use Apple Pay with a Visa card they could target you specifically.

🏢 8. Apple vs Visa – who is responsible?

There is a bit of blame shifting between Apple and Visa. Apple says that this is a Visa network issue while Visa says that the attack is unlikely and that users are protected by a zero liability policy. This means that even if fraud happens you can get your money back. However critics argue that a fix already exists. Companies are slow to implement it.

🔐 9. How to protect yourself

You do not need to panic. You should take basic precautions. First you should disable Express Transit Mode by going to Settings then Wallet & Apple Pay, Transit Card and selecting None. Second you should avoid using Visa as your transit card and use Mastercard instead if possible. Third you should enable transaction alerts, such as SMS or email notifications from your bank. Fourth you should keep your iPhone secure, especially in crowded areas. Finally you should monitor your bank statements regularly.

📊 10. Key takeaway

This is a vulnerability but it is highly technical and hard to exploit. It only works under conditions and most users are not at immediate risk. The biggest issue is not fraud but rather a design trade-off between convenience and security. The viral video of “$10,000 stolen from an iPhone” is eye-opening but it is slightly misleading without context. Yes it proves that highly secure systems, like Apple Pay can have weaknesses but it also shows that security is layered and breaking it often requires multiple rare conditions. In terms this is a serious technical flaw but it is not a common real-world threat.