By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    An Android that robbed your bank account -Kaspersky Daily
    8 months ago
    New CryptoLocker-like Malware for Android
    8 months ago
    Kaspersky Safe Kids Protects Your Child From Cyberbullying
    8 months ago
    Latest News
    Safeguards against firmware signed with stolen MSI keys
    1 day ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    1 day ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
    6 days ago
    Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    How To Configure Cloudflare To Maximize WordPress Speed + Security
    7 months ago
    Windows 11 build 25179 rolls out in the Dev Channel
    8 months ago
    How to set a static IP address on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    What is two-factor authentication | Kaspersky official blog
    2 days ago
    Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
    4 days ago
    NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
    4 days ago
    How Oxy uses hooks for maximum extensibility
    How Oxy uses hooks for maximum extensibility
    5 days ago
    The personal threat landscape: securing yourself smartly
    5 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to enable dark mode for new Outlook app on Windows 11
    3 weeks ago
    New Fraud in India with porn deepfakes
    8 months ago
    Google My Business Temporarily Removes Features Due to COVID-19
    8 months ago
    Latest News
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    2 days ago
    How to enable Taskbar End Task option to close apps on Windows 11
    2 days ago
    How to check USB4 devices specs from Settings on Windows 11
    2 days ago
    How to enable new header UI for File Explorer on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: Analysis of Samsung Pay Security Features And Issues
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Wordpress Threats

Analysis of Samsung Pay Security Features And Issues

Vitus White
Last updated: 7 October
Vitus White 8 months ago
Share
7 Min Read

At the Mobile World Congress in Barcelona earlier this month, Android smartphone giant, Samsung, released its mobile payments platform, Samsung Pay. The name will almost certainly draw comparisons to Apple Pay, the mobile payments platform of Samsung’s biggest competitor. However, Samsung Pay has something that Apple Pay does not: Magnetic Secure Transmission (MST).

MST was actually developed by a company called LoopPay. In mid-February, Samsung quietly acquired LoopPay. While use of Apple Pay is limited to those merchants who deploy near-field-communication enabled point-of-sale terminals, the inclusion of MST means that Samsung Pay has the capacity to interface with existing mag-stripe reading point-of-sale systems. Magnetic stripe readers, of course, constitute the vast majority of payment terminals, particularly in the United States where Chip and PIN (EMV) adoption lags. That said, Samsung Pay is also reportedly NFC-ready, though the company is being tight-lipped about its new payment app.

[email protected] is joining forces w/ LoopPay to drive the most compelling, secure & widely accepted digital wallet:http://t.co/q24wjBhA4a

— LoopPay (@LoopPay) February 19, 2015

We aren’t particularly interested in wading into the never-ending Apple vs. Samsung argument here at the Kaspersky Daily, but we are, as always, very interested in the security posture of any new – and potentially popular – payment platform. There isn’t a ton of research available on the security of MST or about the workings of Samsung Pay in general, so we looked to LoopPay to see what the company has had to say about its technology, which is being built into Samsung Pay.

What do we know right now about #security in the yet-to-be released #SamsungPay?

Tweet

To begin, MST works by running alternating currents through an inductive loop and generating a dynamic magnetic field that changes over a user-specified period of time. Magnetic card stripe readers — like the ones you slide your credit or debit card through — will recognize this magnetic field if your device is within three inches of the reader.

Like a traditional credit or debit card, this magnetic field contains your payment information. The field only exists while the user chooses to transmit it and the field dissipates rapidly beyond three inches, meaning an attacker would have to be incredibly close during the payment process in order to steal payment data. It’s not clear how or if this technology offers any substantive security upgrades over the traditional card-payment model. But it’s safe to presume it doesn’t.

Samsung Pay vs. Apple Pay: There's a difference http://t.co/6tDhvPaLIx pic.twitter.com/mi8z7d7ktu

— CNET (@CNET) March 5, 2015

Inside the LoopPay application, users can select if they want their device to emit that magnetic field all the time, never, for ten minutes or eight hours, or some other period of time. With LoopPay itself, there seems to have been a detachable hardware component with its own button for transmitting payment data. So, users would have to set their device to transmit payment data for a certain amount of time and then physically press a button in order to make the service work.

For Samsung, it seems the MST hardware and transmission button are all built into Samsung Pay enabled devices. We reached out to Samsung for confirmation, but the company isn’t saying much about their forthcoming payments platform.

Samsung Pay on the Galaxy S6, and why it matters http://t.co/RMStE0Faga #android pic.twitter.com/OSYD5VxSEv

— Android Central (@androidcentral) March 10, 2015

However, in a press release, Samsung explained that users will only need to swipe upward from the bottom of the screen to initiate the Samsung Pay app. They can then choose a payment method from among the cards they have stored in the Samsung Pay wallet and authenticate payments with their device’s built-in fingerprint scanner. More interestingly in terms of security, the press release also makes vague mention of how Samsung Pay will bolster security with the involvement of Samsung’s secure Knox sub-operating system.

If Samsung is not able to incorporate Chip and PIN into Samsung Pay, then they are simply forcing an outdated and insecure mode of payment into the future

It remains unclear how the coming integration of the more secure Chip and PIN technologies will impact the deployment of a technology that relies on magnetic stripe readers. LoopPay has an entire FAQ section dedicated to EMV-related questions. Their position seems to be that MST is as secure as Chip and PIN. It will be interesting to see if Samsung has different plans, especially considering the move to fully adopt Chip and PIN by the end of 2015 in the U.S.

If Samsung is not able to incorporate EMV into Samsung Pay, then they are simply forcing an outdated and insecure mode of payment into the future. Beyond that, LoopPay seems to be gambling that magnetic stripe readers are here to stay, and there is simply no way of knowing how quickly and thoroughly Chip and PIN will be adopted in the U.S. or if some other payment mechanism will emerge and disrupt the current model.

The more obvious concern is implementation. Like everything from operating systems to connected thermostats: bugs are an inevitability. We’ll have to wait for the official release in South Korea and the U.S. this summer. Once Samsung Pay is on the open market, security researchers and attackers will go bug hunting, and we’ll be here to report about it.

Do you use #ApplePay? Better watch out, it's being used to commit fraud. http://t.co/LbU8ipsm7L

— eWEEK (@eWEEKNews) March 10, 2015

It’s also worth noting that Android’s open platform and 76.6 percent market-share — two of the reasons Android has been more heavily targeted by criminals — could make Samsung Pay more attractive to scammers than Apple Pay, which has been the subject of a bit of low-level fraud this month.


Source: kaspersky.com

Translate this article

TAGGED: Security, Threats
Vitus White October 7, 2022 October 7, 2022
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Safeguards against firmware signed with stolen MSI keys
Threats 1 day ago
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Wordpress Threats 1 day ago
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
News 2 days ago
How to enable Taskbar End Task option to close apps on Windows 11
News 2 days ago
How to check USB4 devices specs from Settings on Windows 11
News 2 days ago

Recent Posts

  • Safeguards against firmware signed with stolen MSI keys
  • WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
  • How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
  • How to enable Taskbar End Task option to close apps on Windows 11
  • How to check USB4 devices specs from Settings on Windows 11

You Might Also Like

Threats

Safeguards against firmware signed with stolen MSI keys

1 day ago
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Wordpress Threats

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

1 day ago
News

How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11

2 days ago
How To

What is two-factor authentication | Kaspersky official blog

2 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

What is two-factor authentication | Kaspersky official blog
Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
How Oxy uses hooks for maximum extensibility
The personal threat landscape: securing yourself smartly
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
Previous Next
Hot News
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
How to enable Taskbar End Task option to close apps on Windows 11
How to check USB4 devices specs from Settings on Windows 11
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?