
Published: 2016/8/6 9:49:56
Samsung Pay security risk exposed: fraudulent payments can be made remotely


According to foreign media reports, cybersecurity researcher Salvador Mendoza, attending the Black Hat conference in Las Vegas this week, pointed out security limitations in Samsung Pay, Samsung Electronics' mobile payment feature. A hacker who finds this vulnerability can complete fraudulent payments using another phone.

Samsung Pay is a magnetic-based contactless payment system that has become a standard feature on some of the latest Samsung smartphones. By converting credit card data into tokens, Samsung Pay prevents hackers from obtaining the credit card number from the user's device.

However, these tokens are not as safe as they might seem. Mendoza's findings show that Samsung Pay's tokenization process is extremely limited and that the sequence of tokens can be predicted. Ahead of his August 4 keynote speech at the Black Hat conference, Mendoza explained in an e-mail that once Samsung Pay has generated the first token from a particular credit card, the tokenization process begins to weaken. This means hackers have a chance of predicting future tokens.

Hackers can steal a token generated by Samsung Pay and then use it on other devices to make fraudulent transactions without restriction. Mendoza said an attacker can steal tokens from a Samsung Pay device and then use them without restriction. He said he had sent a token to a friend in Mexico, and even though Samsung Pay has not yet entered the Mexican market, the friend was still able to use it with magnetic spoofing hardware to make purchases.

As for how the tokens are stolen, Mendoza said the process is actually fairly simple. The device Mendoza developed is strapped to his forearm; when he picks up someone else's phone, the device can wirelessly capture the magnetic secure transmission and then send the stolen token by e-mail to his personal mailbox. Mendoza can then write the token to another phone.

Mendoza said credit cards, debit cards and prepaid cards from all banks are affected by this type of attack. However, the attack does not work against gift cards, because Samsung Pay presents a barcode to be scanned rather than sending a signal.

Samsung did not disclose whether the company will fix this vulnerability. A spokesman for the company said, "Samsung Pay is developed on the basis of more advanced security features, ensuring that all payment information is encrypted and kept secure. If Samsung Pay has security risks, we will immediately investigate and resolve the problem."







