LAS VEGAS. The era of smartphone-based payment systems is now here, but it might be a little insecure. In a presentation at DEFCON 24 here, researcher Salvador Mendoza detailed a litany of design and process flaws in how Samsung Pay works that could potentially enable an attacker to abuse the system.
Being DEFCON, Mendoza also had a demo, albeit a recorded one, but it was done in Vegas and recently too. In the demo he places his sniffing device near a beverage vending machine. After a user of Samsung Pay attempts to use their phone to buy a drink, Mendoza’s device captures the authentication token and is then able to replay it back to the vending machine and get himself a drink – for free.
Overall, Mendoza noted that while Samsung Pay does have some levels of security, it still could be a target for malicious attacks. He added that Samsung Pay has limitations in the tokenization process which could affect customers’ security.
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist