Hackers Highlight Samsung Pay Vulnerabilities
A speaker at this year’s Defcon in Las Vegas has highlighted security issues with Samsung’s Pay platform in a presentation entitled Samsung Pay: Tokenized Numbers, Flaws and Issues.
Salvador Mendoza outlined the vulnerabilities in the platform, claiming that the system’s payment tokens are susceptible to interception.
He suggests that a wrist-mounted device or fake payment terminal could be used to skim authentication tokens generated by the users.
In addition, Mendoza claims to have found patterns in Samsung’s method of token generation, suggesting enterprising hackers could fabricate their own usable tokens.
Samsung has responded, saying it is aware of the issue but notes attacks “extremely difficult” to execute upon.