Although the exploit hasn't been documented in the wild yet, security researchers have discovered a vulnerability in Samsung Pay that could be used to wirelessly steal credit card information.
This exploit was presented at a Black Hat talk in Vegas last week. Researcher Salvador Mendoza took to the stage to explain how Samsung Pay translates credit card data into "tokens" to prevent the card data from being stolen. However, limitations in the token-creation process mean that the tokenization process can be predicted.
Mendoza claims he was able to use token prediction to generate a token, which he then sent to a friend in Mexico. Samsung Pay is not available in that region, but the accomplice was able to use the token to make a purchase using the Samsung Pay app with magnetic spoofing hardware.
So far, there's no evidence of this method actually being used to steal private information, and Samsung has yet to confirm the vulnerability. When made aware of Mendoza's exploit, Samsung said, "If at any time there is a potential vulnerability, we will act promptly to investigate and resolve the issue." The Korean tech titan reemphasized that Samsung Pay uses some of the most advanced security features available and that purchases made with the app are safely encrypted using the Samsung Knox security platform.
What are your thoughts on this latest reported vulnerability in mobile payment systems? All alarm with nothing substantial, or a security issue worth being concerned about? Give us your two cents in the comments below!
from Android Authority http://ift.tt/2b23H5V
via IFTTT