Samsung Pay Vulnerability Allows Hackers To Skim Credit Cards


A flaw has been discovered in Samsung Pay that a hacker can exploit to wirelessly steal credit cards. Hackers have also shown in action how easy it is to hack Samsung Pay and make fraudulent transactions. The token-based payment system developed by Samsung is vulnerable because hackers can use the tokens it generates to carry out transactions remotely.

Samsung Pay secures transactions by translating credit card data into tokens so that card numbers can't be stolen from the device. But security researcher Salvador Mendoza has discovered that those tokens aren't as secure as one might expect. He found that the tokenization process is limited and that the sequence of tokens can be predicted. He explained that after the app has generated the first token for a specific card, future tokens for the same card are easier to predict because they aren't secured well enough. If those tokens are stolen, they can be used on any other device to carry out fake transactions. This makes it the newest form of credit card hijacking.

Samsung Pay is the South Korean company's magnetic-based contactless system, created to do away with the need to enter your credit card details anywhere. It comes as standard on some newer Samsung phones and works by translating credit card data into tokens. Mendoza has also demonstrated how such an attack can be done.

He loaded the token onto an open-source magnetic stripe spoofer called MagSpoof and was able to carry out transactions. He warned that all kinds of cards from all banks can be exploited in this manner, with the exception of gift cards. Why? Because Samsung replaces the signal with barcode scanning in the case of gift cards. Samsung has not made any comment on whether it will look into solving this issue.

“Samsung Pay is built with the most advanced security features, assuring all payment credentials are encrypted and kept safe, coupled with the Samsung Knox security platform.”

If the company finds a potential vulnerability, it will do all it can to resolve it.

