In a session at Blackhat USA 2017, a senior researcher for Positive Technologies will demonstrate two separate attacks that can be performed against ApplePay, highlighting weaknesses in the payment method. While one will require a jailbroken device, the other does not.
In one attack, hackers will need to first infect a jailbroken device with malware. Having done so, they are then able to intercept traffic as it is transferred to the Apple server, in this case payment data being added to the device’s account.