Vulnerability in Samsung Pay Discovered, Allows Hackers to Steal your Credit Card Wirelessly
If you’re a Samsung Pay user, read this article carefully if you want to keep your credit card data from being compromised. According to Salvador Mendoza, a security researcher, the Samsung Pay system, which is used by millions of smartphone users all around the world to make mobile payments, can be exploited by hackers to steal your credit card information.
Samsung Pay works by transforming your credit card information into tokens, so that the “real” data cannot be stolen directly from your smartphone. However, Salvador Mendoza just discovered that the real problem with the tokens is that they’re not as secure as advertised. The findings were presented earlier this week at a Black Hat event which took place in Las Vegas.
The problem is with the algorithm used in the “tokenization” process: it’s not as random as it should be, so its output can be “predicted” and thus emulated. The process becomes vulnerable after the Samsung Pay application generates the initial token for your credit card, meaning that future tokens can be predicted with accuracy by a third party (here the hacker comes into play).
Now, suppose your smartphone is compromised by a black-hat hacker, meaning that he somehow gets access to your droid using various methods, ranging from intercepting your wireless internet traffic to infecting your smartphone with malware. You can get malware installed on your droid by visiting malicious websites or installing compromised apps; I’ve written a few articles in the past about these issues, including Pokemon Go malware. In that case he can “sniff” your tokens and make unauthorized transactions over the internet using your credit card details.
Mendoza proved his theory by sending one of the intercepted tokens to a friend from Mexico, who afterwards managed to “clone” the respective credit card and use it in Mexico for buying stuff (Mexico doesn’t even support Samsung Pay, by the way).
Samsung hasn’t yet confirmed that it’s aware of the problem or whether it is working to mitigate the issue. Check out the video for more clarifications and try to be extra careful when using your smartphone for making payments, okay?