Chinese hackers go after Samsung Pay’s underlying tech, but the service is still safe

After numerous commercial delays, a staggered recent US launch, and amid unflattering comparisons with Apple Pay and the Google Wallet-derived Android Pay, Samsung’s proprietary mobile payment system likely needed peace and quiet to gain traction.

Well, publicity too, but not controversy. Definitely not the type meant to make smartphone users avoid Samsung Pay at all costs, fearing their personal and financial information may be at risk. Unfortunately, the Korean giant got more than it bargained for when purchasing startup LoopPay back in February to set up the Apple Pay rival with minimal effort.

The small Massachusetts company brought invaluable expertise to the table, as Samsung Pay essentially borrowed and mimicked the technology originally developed by LoopPay. In doing so however, the Android device kings exposed themselves and hundreds of millions of people to a cyber-attack from notorious hacking group Codoso.

The e-crime Chinese gang, which is reportedly sponsored by the local government, previously carried out a charge on Forbes.com servers, and probably infiltrated LoopPay’s network mere weeks before the Samsung buyout.

The good news is all signs point to Samsung Pay user data staying protected since the service rolled out, with the “incident” strictly “related to LoopPay’s office network which handles email, file servers and printing within the company.” This is purportedly “physically separate from the production network that handles payment transactions and run by Samsung”, and so, there’s no logical reason to snub Samsung Pay on safety concerns.

The bad news is the hack was discovered many months after it originated, and security analysts suspect the Codoso Group had spying goals, targeting “important individuals”, their whereabouts, and various financial behaviors. It’s entirely possible the threat remains very much active, and LoopPay might not be able to do a lot to stay 100 percent shielded against future breaches.

Sources: Samsung, PCWorldNew York Times

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Adrian Diaconescu
Adrian has had an insatiable passion for writing since he was in school and found himself writing philosophical essays about the meaning of life and the differences between light and dark beer. Later, he realized this was pretty much his only marketable skill, so he first created a personal blog (in Romanian) and then discovered his true calling, which is writing about all things tech (in English).