A company representative has revealed that the mobile wallet may not be as safe as previously believed.
A Samsung Pay security flaw has been identified. A representative of the company has released a statement to the public to help to explain the problem. The scary component of this report is that it could place the transaction details in the hands of a hacker.
This has arrived at a time when mobile payments are only just starting to be accepted by consumers.
Among the main barriers to the adoption of mobile wallets has been fears of problems such as the Samsung Pay security issue. Consumers have been wary of using their smartphones to contain or communicate credit card and banking details. More recently, as larger players have launched mobile payments solutions, consumers have started to think of the services as safer.
Apple, Google and Samsung have been working hard to establish leadership in what could potentially be a tremendous market. Companies have been assuring consumers and merchants alike that mobile payments are safe. Unfortunately, a nasty flaw has now been discovered.
The Samsung Pay security flaw was discovered by Salvador Mendoza, a security researcher.
Mendoza discussed the mobile security problem in Las Vegas at his Black Hat talk. He described the flaw in the way tokens are requested by the mobile wallet. To complete a transaction, Samsung Pay generates unique tokens for each one. The goal is to hide the credit card or other payment information. That way, if the data is ever intercepted, the financial details won’t be accessible to the hacker.
However, Mendoza claims that the process becomes weaker with each token generated by Samsung Pay. He described the process and showed that the more tokens are generated the easier it will be for hackers to predict future tokens. If future tokens become predictable, they can be stolen for use on other devices.
Furthermore, Mendoza said he proved this concept by sending a token to a friend located in Mexico. That friend then spoofed the token, even though Mexico isn’t one of the countries in which Samsung Pay has been released.
At the time of the writing of this article, it was not yet officially announced whether the Samsung Pay security flaw had been corrected.