Samsung Pay in Mexico? Nope, just a security threat

There’s more security news in the wake of Def Con 24 and it involves how Samsung Pay handles its mobile payments transactions. One Salvador Mendoza has found a way to steal authentication tokens and use them in a spoofing device to commit fraud.

Mendoza details the process in a video:

The problem comes down to the tokens, which are created each time someone activates the transaction UI and do not expire until about a day later. These tokens, if collected by a fake reader or something similar, can be used by miscreants to make authentic purchases on the Samsung Pay user’s dime. No need to steal information, just a token.

As a test, Mendoza sent a Samsung Pay token to a friend in Mexico. That person was able to load the token onto spoofing hardware and then make a purchase with that token. Samsung Pay is not active in Mexico.

Samsung released a general statement in regards to inquiry saying that “if at any time there is a potential vulnerability, we will act promptly to investigate and resolve the issue” and assured users of the technology’s security.

Via: AndroidGuys


Discuss This Post

Read More

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Jules Wang
Jules Wang is News Editor for Pocketnow and one of the hosts of the Pocketnow Weekly Podcast. He came onto the team in 2014 as an intern editing and producing videos and the podcast while he was studying journalism at Emerson College. He graduated the year after and entered into his current position at Pocketnow, full-time.