Stop using Samsung Pay or lose your money: a vulnerability in the system allows hackers to hack it easily and make fraudulent payments on your behalf.
Samsung Pay is accepted virtually anywhere you can swipe or tap your card. Samsung Pay makes transactions super easy: swipe up to launch the app, secure with your fingerprint, and hover your device over the card reader to pay.
It was recently discovered how easy it is to hack. Do not forget to watch the video, which shows how someone could manage to get away with your money.
The issue has been highlighted by Salvador Mendoza, who said that the sequence generated by the tokenization process can be predicted as it is quite limited. He explained that after the app has generated the first token for a specific card, future tokens for the same card are easier to predict because they are not as secure. If the tokens are then stolen, they can be used in any other device to carry out fake transactions. This is the newest form of credit card skimming.
Mendoza said that he had tested this finding by sending his friend, who was in Mexico, the token for his card. He said that, despite the service not being available in Mexico, his friend could carry out transactions from his card without any problem.
The central task in this fiasco is stealing the tokens. Mendoza has also demonstrated how that can be done. He built a contraption that fit on his arm and could steal the magnetic secure transmission wirelessly whenever he picked up somebody’s phone.
This contraption would then email the token to his inbox, which he could later compile on another phone. In Mendoza’s case, he loaded the token on an open-source magnetic stripe spoofer called MagSpoof and was able to carry out transactions.
Mendoza has warned that all kinds of cards from all banks can be exploited in this manner, with the exception of gift cards. This is because Samsung replaces the signal with barcode scanning in the case of gift cards. As for Samsung, they have not made any comment on whether they will be looking into solving this issue.
They did issue a statement, though, saying that Samsung Pay has some of the most advanced technology in use currently, and if the company finds a potential vulnerability, it would do all it can to resolve it.
It's in Spanish but translated into English.
Source: ZDNet report, HackRead, Google News, Samsung