Second Samsung Pay vulnerability discovered
A couple of months ago, security researcher Salvador Mendoza claimed to have discovered a vulnerability in Samsung Pay which enabled hackers to steal credit cards wirelessly. Samsung responded in detail to his claims in order to reassure users that Samsung Pay was completely safe. Mendoza now claims to have discovered a second vulnerability in Samsung Pay, which he will demonstrate at the Ekoparty security conference in Argentina next week. The first vulnerability exploited a flaw in MST, and the second exploits a flaw in NFC, which is supposed to be the more secure of the two. Samsung Pay is the only mobile payments service that supports both MST and NFC technologies.
Mendoza says that all a thief needs to do in order to steal a Samsung Pay user’s credit card is to stand near the checkout terminal with a smartphone that’s running the interception app. This app eavesdrops on the NFC transmission and steals the authentication token after the customer approves the purchase with a PIN code or fingerprint but before payment is actually processed. This brings up an error message on the customer’s phone, so they try to make the payment again.
This generates a second token which is then good for up to 24 hours. The thief can, in theory, use the stolen token anywhere in the world where it’s possible to pay by NFC. Mendoza claims to have tested out this vulnerability at a grocery store. He adds that Samsung has been notified of this vulnerability, but it’s unclear whether it has been patched because Samsung hasn’t commented on the matter yet.