Samsung Talks The Pay Vulnerability, Says It's Extremely Difficult To Pull Off

06:56 Wed, 04 Aug 2021

Samsung Pay came under fire after security researcher Salvador Mendoza presented a way to attack the payment service at the security conference Defcon.

The attack works by intercepting the unique payment token that is generated with every transaction using the service. Mendoza demonstrated how tokens can be intercepted by using a wrist-mounted device.

Because the tokens are for single use only and expire 24 hours after being generated, the attack requires the user to authenticate using a fingerprint, without actually completing the mobile payment.

Check out the 5-minute video, in which Mendoza demonstrates and explains how the vulnerability works.

Furthermore, Mendoza claims that he noticed patterns in the way Samsung generates the payment tokens. He explains that a hacker could hypothetically generate fake tokens of their own and steal money this way.

Naturally, Samsung was quick to respond to such claims and in a blog post explained that "Samsung Pay does not utilize the algorithm claimed in the Black Hat presentation to encrypt payment credentials."

What Samsung doesn't deny, however, is that it is possible for an attacker to skim a user's payment token and take advantage of it.

However, the company notes that this is "extremely difficult" to pull off, since the attacker must be physically close to the target at the very moment they are making a purchase. Thus the risk has been categorized as an "acceptable" one, according to Samsung and the payment firms it works with.
