• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 22nd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Samsung

Samsung Pay Vulnerability allows Hackers to make Fraudulent Transactions

August 6th, 2016 Ali Raza Security, Samsung 0 comments
Samsung Pay Vulnerability allows Hackers to make Fraudulent Transactions
Share on FacebookShare on Twitter
Hackers show how easy it is for attackers to hack Samsung Pay and make Fraudulent Transactions!

The token-based payment system developed by Samsung called Samsung Pay is vulnerable to credit fraud as hackers can use the tokens generated to carry out transactions remotely, ZDNet reports.

Samsung Pay is a magnetic-based contactless system that was created in order to do away with the need for entering your credit card details anywhere. This system comes as a standard in some newer Samsung phones and works by means of translating credit card data into tokens.

However, a security researcher has highlighted a flaw in this mechanism, and if that is exploited then it can allow the hacker to carry out fraudulent transactions on a different phone.

Must Read: Samsung Galaxy Phones Prone to Hacking via USB Cable even if Locked

The issue has been highlighted by Salvador Mendoza, who said that the sequence generated by the tokenization process can be predicted as it is quite limited. He explained that after the app has generated the first token for a specific card, future tokens for the same card are easier to predict because they are not as secure. If the tokens are then stolen, they can be used in any other device to carry out fake transactions. This is the newest form of credit card skimming.

Mendoza said that he had tested this finding by sending his friend, who was in Mexico, the token for his card. He said that despite the service not being available in Mexico his friend could carry out transactions from his card without any problem.

The central task in this fiasco is stealing the tokens. Mendoza has also demonstrated how that can be done. He built a contraption that fit on his arm and could steal magnetic secure transmission wirelessly whenever he would pick up somebody’s phone.

This contraption would then email the token to his inbox, which he can later compile on another phone. In Mendoza’s case, he loaded the token on an open-source magnetic stripe spoofer called MagSpoof and was able to carry out transactions.

Mendoza has warned that all kinds of cards from all banks can be exploited in this manner with the exception of gift cards. This is because Samsung replaces the signal with a barcode scanning in case of gift cards. As for Samsung, they have not made any comment on whether they will be looking into solving this issue.

They did issue a statement, though, saying that Samsung Pay has some of the most advanced technology in use currently, and if the company finds a potential vulnerability, it would do all it can to resolve it.

Must Read: Be careful of what you say in front our Smart TV, warns Samsung

https://twitter.com/alsutton/status/761708689044697088

Watch the demo below (Spanish language)


[fullsquaread][/fullsquaread]

Must Read: Samsung Smart Refrigerator Hacked, Left Gmail Login Credentials Vulnerable

  • Tags
  • def con
  • Flaw
  • hacking
  • internet
  • Samsung
  • security
  • Technology
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Anonymous DDoS Brazilian Government Websites Because Rio Olympics
Next article Twitter Accounts of Vimeo Founder Zach Klein, YouTuber Alexa Losey Hacked
Ali Raza

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. His work has been featured in many major crypto and tech websites including Hacked, Hackread, ValueWalk, Cryptoslate, CCN, and Globlecoinreport to name a few. Raza is the co-founder of 5Gist.com, too, a site dedicated to educating people on 5G technology.

Related Posts
Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Shazam Vulnerability exposed location of Android, iOS users
Security

Shazam Vulnerability exposed location of Android, iOS users

47
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

80
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

107

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us