The Illusion of a Secure Lock Screen
![Can a Locked iPhone Make Payments? Apple Pay Transit Mode Vulnerability Explained [2026 Latest] - Introduction illustration](https://dlaulvudebkoitrqutvf.supabase.co/storage/v1/object/public/infographics/stock/standard/tech-003.png)
Cybersecurity researchers have shattered the myth that a locked iPhone is an impenetrable fortress. In a recent demonstration, experts successfully drained $10,000 from a device without the owner ever touching it. The victim was tech reviewer Marques Brownlee, whose phone remained completely locked throughout the entire process.
This is not a theoretical lab experiment but a functional exploit that targets the convenience of modern life. The attack utilizes the Express Transit Mode feature designed for subway commuters and bus riders. It turns a tool meant for speed into a vector for high-value theft by malicious actors.
The researchers used a small device to mimic a transit gate and trick the phone into thinking it was paying a fare. However, they did not stop at the price of a subway ticket. By manipulating the digital handshake, they managed to bypass every standard security layer protecting the user's bank account.
- The phone stays in the pocket during the entire attack
- No biometric verification is requested or provided
- Transaction limits are ignored by the system
- The victim only realizes the theft after a receipt prints
But the most chilling aspect is that this vulnerability has been public knowledge since 2021. Despite years of warnings, the loophole remains open for anyone with the right equipment. This exploit proves that convenience often comes at the direct expense of your financial sovereignty.
Engineering the Invisible Intercept
![Can a Locked iPhone Make Payments? Apple Pay Transit Mode Vulnerability Explained [2026 Latest] - Main section illustration](https://dlaulvudebkoitrqutvf.supabase.co/storage/v1/object/public/infographics/stock/standard/std-dopamine-001.png)
The core of this heist is a classic Man-in-the-Middle (MitM) attack executed with surgical precision. The attackers use a device called a Proxmark to intercept the radio waves between the phone and a legitimate payment terminal. These signals travel through a shared magnetic field that is inherently unencrypted for compatibility reasons.
Therefore, the attacker becomes the bridge between your wallet and the merchant. The Proxmark captures the raw transaction data and beams it to a nearby laptop. A custom Python script then modifies the data packets in real time before sending them back to a burner phone.
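The conditions listed earlier (no biometric verification, limits ignored, a payment presented as a transit fare) can be checked for consistency on the issuer side. The following is an added example, not code from the article or from any payment network. It assumes the issuer can see whether the device verified the user; the field names, the cap value and the sample records are hypothetical.

```python
from dataclasses import dataclass

# Assumptions (not from the article): field names, the cap value, and the
# use of merchant category codes (MCCs) to recognise transit operators.
TRANSIT_MCCS = {"4111", "4112", "4131"}   # commuter transport, railways, bus lines
EXPRESS_CAP_CENTS = 5_000                 # hypothetical issuer cap for unverified taps


@dataclass
class Auth:
    txn_id: str
    amount_cents: int
    mcc: str                 # merchant category code reported for the terminal
    device_verified: bool    # True if the user approved with biometrics or passcode


def review(auth: Auth) -> list[str]:
    """Return the reasons an authorization should be declined or held."""
    if auth.device_verified:
        return []            # user unlocked and approved: normal wallet payment
    reasons = []
    if auth.mcc not in TRANSIT_MCCS:
        reasons.append("unverified tap at non-transit merchant")
    if auth.amount_cents > EXPRESS_CAP_CENTS:
        reasons.append("unverified tap above express cap")
    return reasons


# Constructed sample records, not real transaction data.
SAMPLE = [
    Auth("t1", 290, "4111", False),        # ordinary subway fare, phone locked
    Auth("t2", 1_000_000, "4111", False),  # $10,000 presented as a transit fare
    Auth("t3", 1_000_000, "5732", False),  # high value, retail MCC, no verification
    Auth("t4", 1_000_000, "5732", True),   # high value approved by the user
]


def flagged(records):
    """Map transaction id to its list of reasons, for flagged records only."""
    out = {}
    for auth in records:
        reasons = review(auth)
        if reasons:
            out[auth.txn_id] = reasons
    return out


if __name__ == "__main__":
    for txn, why in flagged(SAMPLE).items():
        print(txn, "; ".join(why))
```

The ordinary fare and the user-approved purchase pass, while both unverified $10,000 records are held regardless of which merchant category they claim.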
