You are here
Home > Android > Vulnerability in Samsung Pay Could Enable Hackers to Steal Credit Cards Wirelessly

Vulnerability in Samsung Pay Could Enable Hackers to Steal Credit Cards Wirelessly

Share this articleEmail this to someoneTweet about this on TwitterShare on Google+Share on RedditPin on Pinterest

Hackers could exploit a vulnerability that has been discovered in Samsung Pay. This would allow them to steal credit cards wirelessly. Samsung secures transactions by translating credit card data into tokens. This way the card numbers won’t be stolen from the device. Salvador Mendoza, a security researcher, has discovered that the tokens aren’t as secure as they were first thought to be. He discovered that the token process is limited and that sequencing the tokens can eventually become predicted. The process becomes weaker after the app generates the first token for a specific card. There are greater chances that the next tokens could be predicted.

Hackers that know how to do this would then steal the data and use them in other devices to make unauthorized transactions for items. This theory was proven when Mendoza sent a token to a friend in Mexico. The friend then was able to use magnetic spoofing hardware to make a purchase with Samsung Pay. Samsung Pay hadn’t even launched in Mexico yet when this happened. The video below shows Mendoza explaining more:

Samsung issued a press statement and acknowledged that Mendoza’s token skimming method could be used to make illegal transactions. They explained that difficult conditions must be met in order for a hacker to exploit the system. The skimmer must be in very close range to the victim because MST is a very short-range communication method. The skimmer must jam the signal before it reaches the payment terminal or convince the user to cancel the transaction after it has been authenticated. Samsung says that the issue is an “acceptable” risk and explain that the same methods could be used to make illegal transactions with other systems such as debit or credit cards.

Source: SamMobile

Matthew Whitaker
Founder and owner of Swipe to Unlock News. Matthew's current daily driver is the frost colored 64GB Nexus 6p.