“Samsung Pay’s legacy point-of-sale system compatibility mode may be insecure, as a token theft and remote use vulnerability was demonstrated by a security researcher at the Black Hat conference,” Mike Wuerthele reports for AppleInsider.
“The potential security flaw, demonstrated by security analyst Salvador Mendoza at the Black Hat security conference, relies on Samsung’s “magnetic secure transmission” central to Samsung Pay’s ability to work at existing magnetic stripe point-of-sale terminals,” Wuerthele reports. “A proof of concept magnetic hardware capture device was demonstrated by Mendoza at the conference. His prototype build was strapped to his arm, and forwarded intercepted tokens to an email address. The prototype is also sufficiently small to be hidden inside a point of sale terminal.”
Wuerthele reports, “Samsung claims that the skimming attack which results in a token relay to a third party is a ‘known issue’ and is an ‘acceptable’ potential risk, given the difficulty of executing the attack.”
Read more in the full article here.
MacDailyNews Take: Since you’d have to be brain-dead to use Samsung Pay in the first place, but you couldn’t since you’d unfortunately be brain-dead, it’s easily the most secure payment system the world has ever seen.
Anyone who trusts Samsung Pay is either batshit insane or already insolvent. – MacDailyNews, October 7, 2015
Samsung Pay’s profitless model gets a ‘failing grade’ but it provides free insight into consumer behavior – March 8, 2016
Apple Pay is crushing Samsung Pay – February 27, 2016
Chinese hackers infiltrated LoopPay, whose tech is central to ‘Samsung Pay’ – October 7, 2015
Struggling Samsung delays rollout of mobile payment service – June 3, 2015
Google demos Apple Pay wannabe, ‘Android Pay’ – May 28, 2015
Samsung’s LoopPay payment move creates friction with Google – February 20, 2015
[Thanks to MacDailyNews Reader “Dan K.” for the heads up.]