One of the Samsung’s Pay security blemish is potentially dangerous if exploited. A researcher found a glitch in the Samsung’s Pay that can be used in another phone to deceitfully make payments from the same account as on the original phone.
The idea is to convert the credit card information into tokens in order to prevent the hacker from pilfering information from the device. This is a standard feature in some of the company’s flagship models is not that secure as it might portray to be.
The researcher found that the future tokens can be predicted from the previous ones as the process of generating the tokens is limited. Once the first token is generated the process became vulnerable and the upcoming tokens can be generated without restriction.
The glitch has been demonstrated in a YouTube video where the researcher sent a token to a contact in Mexico and he was able to use it even though Samsung pay is not available in Mexico at the time. He built a contrivance strap that can be used to steal magnetic secure transmission once the person wearing it picks up the targeted phone and the stolen data will be mailed to his mail id. He then transferred the data to a homemade magnetic satire device and can be used to buy products.
A Samsung’s spokesperson said the Samsung pay is built with advanced security features and the data is safe with the Samsung Knox Security platform. If any vulnerability happened the company’s security team will act sharp to resolve it.