Samsung Pay Flaw lets thieves remotely obtain credit card information
“Samsung Pay’s legacy point-of-sale system compatibility mode may be insecure, as a token theft and remote use vulnerability was demonstrated by a security researcher at the Black Hat conference,” Mike Wuerthele reports for AppleInsider.
Thank you for reading this post, don't forget to subscribe!
“The potential security flaw, demonstrated by security analyst Salvador Mendoza at the Black Hat security conference, relies on Samsung’s “magnetic secure transmission” central to Samsung Pay’s ability to work at existing magnetic stripe point-of-sale terminals,” Wuerthele reports. “A proof of concept magnetic hardware capture device was demonstrated by Mendoza at the conference. His prototype build was strapped to his arm, and forwarded intercepted tokens to an email address. The prototype is also sufficiently small to be hidden inside a point of sale terminal.”
Wuerthele reports, “Samsung claims that the skimming attack which results in a token relay to a third party is a ‘known issue’ and is an ‘acceptable’ potential risk, given the difficulty of executing the attack.”
Read more in the full article here.
About Post Author
