Possible Security Flaw Found in Samsung Pay

August 8, 2016. Written by John H. Oldshue

Salvador Mendoza, a security researcher, claims to have found a weakness in Samsung Pay’s security, which allows hackers to steal payment tokens and use them in another phone to complete fraudulent transactions.

Samsung Pay works by translating credit card data into a token so that hackers cannot steal credit card numbers from the phone. Mendoza told ZDNet that the tokenization process is limited, though, so the sequencing can be predicted, which makes it easy to steal the token.

To steal the token, Mendoza built a machine he can strap to his forearm to intercept the magnetic secure transmission (MST) from someone’s phone. Then, he can email the token to his inbox in order to load it onto another phone. To test the token, Mendoza sent it to a friend in Mexico, and that person could use it with magnetic spoofing hardware to make a purchase, even though Samsung Pay is not available in Mexico.

Hackers could also hide the hardware next to a card-reading machine, just as they do with traditional credit card skimmers. Then, the hacker would just use a wireless magnetic stripe spoofer to load the data and buy products.

Mendoza said that “every credit card, debit card or prepaid card from any affiliated bank” could be stolen, but gift cards are safe, because Samsung Pay uses a barcode to be scanned rather than transmitting a signal.

For its part, Samsung said, “If at any time there is a potential vulnerability, we will act promptly to investigate and resolve the issue.”

The company also assured users of the service’s safety. “Samsung Pay is built with the most advanced security features, assuring all payment credentials are encrypted and kept safe, coupled with the Samsung Knox security platform.”

The information contained within this article was accurate as of August 8, 2016. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About John H. Oldshue

John Oldshue is the creator of LowCards.com. He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for LowCards.com.