Samsung: Hacking Samsung Pay is Very Difficult


Samsung this week disputed a security researcher's claims that the Korean tech giant's mobile payments system was vulnerable to hacking.

For each transaction, the Samsung Pay app creates a unique digital token that represents the account holder's credit or debit card information. In a research paper prepared for the Def Con hacking conference, security expert Salvador Mendoza claimed that the tokenization process could leave a consumer's financial information vulnerable.

Hackers can exploit the vulnerability by tricking Samsung Pay into reusing a token for multiple transactions, Mendoza wrote. In addition to guessing a token using brute force methods, a hacker could jam the transaction and force Samsung Pay to generate a new token, which he or she could then steal.

The entire process could be completed with little more than a Raspberry Pi and a device called a MagSpoof, which acts as a jammer to confuse a nearby payment terminal, according to Mendoza. Unlike competing contactless payment apps from Apple and Android, Samsung Pay can use the same magnetic strips found in plastic credit cards to complete a transaction.

Samsung did not deny that a hacker could steal its digital tokens, but the company explained that stolen tokens alone are not sufficient to make an unauthorized charge. Samsung Pay checks each transaction against a counter, which tracks the sequence of transactions and determines whether an attempted purchase is older than the last one approved.

The app also requires a secret key, called a cryptogram, in addition to a valid counter check and digital token. These requirements make it unlikely that Mendoza's approach would work in practice. Even if it did, the Samsung Pay app alerts users after each transaction, Samsung explained, making it easy for them to spot and dispute fraudulent charges with their bank.
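The three checks Samsung describes (a known token, a valid cryptogram, and a counter newer than the last approved purchase) can be modelled as an issuer-side verifier. This is an added example, not Samsung's code or protocol: the HMAC-SHA256 cryptogram construction, the `TokenVerifier` class, and all keys and tokens are assumptions constructed for illustration.

```python
import hashlib
import hmac


def make_cryptogram(key: bytes, token: str, counter: int) -> str:
    # Assumption: cryptogram = HMAC-SHA256(key, token || 8-byte counter).
    msg = token.encode() + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenVerifier:
    """Hypothetical issuer-side verifier, not Samsung's implementation."""

    def __init__(self) -> None:
        self._cards = {}  # token -> [secret key, last approved counter]

    def enroll(self, token: str, key: bytes) -> None:
        self._cards[token] = [key, 0]

    def verify(self, token: str, counter: int, cryptogram: str) -> str:
        card = self._cards.get(token)
        if card is None:
            return "unknown_token"
        key, last_counter = card
        # Constant-time compare so the check does not leak matching prefixes.
        if not hmac.compare_digest(make_cryptogram(key, token, counter), cryptogram):
            return "bad_cryptogram"
        # Reject anything not strictly newer than the last approved purchase.
        if counter <= last_counter:
            return "stale_counter"
        card[1] = counter
        return "approved"


def run_demo() -> list:
    key, token = b"constructed-demo-key", "tok-constructed-0001"
    v = TokenVerifier()
    v.enroll(token, key)
    c1, c2, c3 = (make_cryptogram(key, token, n) for n in (1, 2, 3))
    return [
        v.verify(token, 1, c1),        # first purchase
        v.verify(token, 1, c1),        # same data presented again
        v.verify(token, 3, c3),        # a later purchase
        v.verify(token, 2, c2),        # older than the last approved one
        v.verify(token, 4, "0" * 64),  # token and counter without the key
        v.verify("tok-other", 1, c1),  # token the issuer never issued
    ]


if __name__ == "__main__":
    print(run_demo())
```

In this model the counter check is what makes the order of presentation matter: once a purchase with a higher counter is approved, every earlier counter value is refused even when its cryptogram is valid.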
