- Oct 6, 2011
- Reaction score
I can't say that I didn't see this coming. Once again we have a lab created hack performed by a security researcher. This time the vulnerability has been found in the security of Samsung Pay. The hack that was discovered is actually quite alarming though since it would enable the hacker to "skim" your credit cards linked to your Pay account and use them in places without actually having your phone.
Samsung Pay works using a magnetic payment system. It translates credit card data into tokens. This means a hacker would not be able to capture your actual credit card number. "Salvador Mendoza" discovered that the sequencing of token generation can be predicted. The tokens can be stolen and added to another phone.
Stealing the token turns out to be pretty simple. Menodza built a home made device that can steal the MST (or magnetic secure transmission). Once he has the info from the card he places it on his very own magspoof device which he can easily make purchases with. According to Mendoza all cards from affiliated banks are vulnerable to this type of attack.
The only thing that wasn't mentioned was whether or not the token stolen also includes your security information (fiingerprint or PIN) which is required to complete the purchase. With security being of up most important to Samsung these days I have a feeling they will have this all patched up quickly. I would suggest taking every update as it comes out if you use Samsung Pay.