Wednesday 10 August 2016

Samsung: Hackers can’t pwn our NFC payment kit. No way, nuh-uh, not true (Well, OK, maybe)

A war of words has broken out after a security researcher claimed last week that Samsung’s contactless mobile payment system is vulnerable to skimming and spoofing attacks.

In talks at both the Black Hat and DEF CON security conferences, held last week in Las Vegas, Salvador Mendoza claimed that he was able to intercept a Samsung Pay token transmitted over the air using a gizmo hidden under his shirt cuff.

Wait, what’s a Samsung Pay token? Well, the token comes in three parts.

One is generated by the payment networks; it is associated with a credit or debit card and is stored on the Samsung smartphone. The second part is a counter that increments on every transaction in an attempt to thwart replay attacks. The final part is a message authentication code generated from the payment network-provided token, the counter and a secret key embedded in the phone’s ARM-compatible processor; this authentication code is used to prove the token was sent from a Samsung device and wasn’t tampered with over the air.
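
The three-part token described above, sketched as an added example that is not Samsung's code and not from the article. It assumes HMAC-SHA256 as the message authentication code and a verifier that remembers the highest counter it has accepted; the key, token value and message layout are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; not real Samsung Pay data.
DEVICE_KEY = b"constructed-device-secret"
NETWORK_TOKEN = b"4000001234567899"

def mac_for(key, network_token, counter):
    """MAC over the network token and the counter (HMAC-SHA256 is an assumption)."""
    msg = (len(network_token).to_bytes(2, "big") + network_token
           + counter.to_bytes(4, "big"))
    return hmac.new(key, msg, hashlib.sha256).digest()

def build_token(key, network_token, counter):
    """Device side: assemble the three parts the article describes."""
    return {"token": network_token, "counter": counter,
            "mac": mac_for(key, network_token, counter)}

class Verifier:
    """Verifying side: check the MAC, then require a strictly increasing counter."""
    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # network token -> highest counter accepted

    def verify(self, msg):
        expected = mac_for(self.key, msg["token"], msg["counter"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "reject: bad MAC"
        if msg["counter"] <= self.last_counter.get(msg["token"], -1):
            return "reject: counter already used"
        self.last_counter[msg["token"]] = msg["counter"]
        return "accept"

def demo():
    v = Verifier(DEVICE_KEY)
    first = build_token(DEVICE_KEY, NETWORK_TOKEN, 1)
    second = build_token(DEVICE_KEY, NETWORK_TOKEN, 2)
    tampered = dict(second, counter=3)  # counter altered in transit, MAC unchanged
    return [
        v.verify(first),     # fresh token
        v.verify(first),     # same token presented a second time
        v.verify(tampered),  # MAC no longer matches the counter
        v.verify(second),    # next counter value
    ]

if __name__ == "__main__":
    print(demo())
```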



from hacker samurai http://ift.tt/2aV92ZD