New deals! Galaxy S25 Ultra, Z Flip6, Z Fold6, Buds 3 Pro and Watch Ultra!

Login or Join

Search

BEST PICKS BY OUR SAMSUNG EXPERTS
HOT RIGHT NOW
galaxy s25 ultra – samsung apps
Order the King of Android!
Buy now
Latest reviews
samsung galaxy ai
Feel the power of Galaxy AI in the palm of your hands!
All About Galaxy AI
BEST PICKS BY OUR SAMSUNG EXPERTS
HOT RIGHT NOW
TV
samsung qd-display explained
Mihai Matei Explaining Samsung's QD-Display technology
Best TV ever
Trending
samsung one ui 7 icons
Everything about the latest version of One UI
One UI 7

19 October 2016

SamMobile has affiliate and sponsored partnerships, we may earn a commission.

Second Samsung Pay vulnerability discovered

Adnan Farooqui

Reading time: 2 minutes

samsung pay (9)
Pay
A couple of months ago security researcher Salvador Mendoza claimed to have discovered a vulnerability in Samsung Pay which enabled hackers to steal credit cards wirelessly. Samsung did come out with a detailed response to his claims in order to reassure users that Samsung Pay was completely safe. Mendoza now claims to have discovered a second vulnerability in Samsung Pay which he will demonstrate at the Ekoparty security conference in Argentina next week. The first vulnerability exploited a flaw in MST and the second exploits a flaw in NFC which is actually supposed to be more secure. Samsung Pay is the only mobile payments service that has support for both MST and NFC technologies.

Mendoza says that all a thief needs to do in order to steal a Samsung Pay user's credit card is to stand near the checkout terminal with a smartphone that's running the interception app. This app eavesdrops on the NFC transmission and it steals the authentication token after the customer approves the purchase with a PIN code or fingerprint but before payment is actually processed. This brings up an error message on the customer's phone so they try to make the payment again.

This generates a second token which is then good for up to 24 hours. The thief can, in theory, use the stolen token anywhere in the world where it's possible to pay by NFC. Mendoza claims to have tested out this vulnerability at a grocery store. He adds that Samsung has been notified of this vulnerability, it's unclear whether it has been patched because Samsung hasn't commented on this matter as yet.

Via Pay

Trending

All news
One UI 7.0
Galaxy A56
Galaxy S25 Ultra
Galaxy Ring
Galaxy S25 Edge
Galaxy Z Fold 6
Galaxy AI
S95D QD-OLED TV
Galaxy XR headset
Galaxy Watch Ultra
Galaxy Watch 7 Classic
Best Samsung deals in US!
Best Samsung deals in UK!
Best Samsung deals in Europe!
Best Samsung deals in Canada!

You might also like

samsung wallet nfc payments

Tap To Transfer to bring peer-to-peer payments to Samsung Wallet in USA

2 months ago
samsung wallet nfc payments

Galaxy phones can now send and receive money via Samsung Wallet

5 months ago
samsung galaxy s24 ultra samsung wallet payment south korea

Koreans can use Samsung Wallet as cash card at more bank ATMs

6 months ago
samsung wallet air france boarding pass navigo tickets

You can add Air France boarding passes, Paris local transport tickets to Samsung Wallet

9 months ago