Story written by Park Soon-chan published on Chosun August 8 said that Samsung on Sunday denied that the Samsung Pay mobile payment service is vulnerable to hacking.
|In this YouTube video, security expert Salvador Mendoza demonstrates stealing a Samsung Pay token using a special device on his wrist.|
Security expert Salvador Mendoza showed at the Black Hat security conference in Las Vegas last week that it is possible to steal a token from a Samsung Pay device and use it to make a transaction on another device.
But the Korean electronics giant claimed the hack was performed in an artificial environment and Samsung Pay is safe in real life.
The payment service works by translating credit card data into temporary tokens that are deactivated immediately after the transaction is made, supposedly so that hackers cannot steal the information.
But Mendoza activated the service on a smartphone and used a special device to wirelessly steal the token. He showed that if the service is deactivated without making a transaction, tokens in some cases remain valid for up to 24 hours and can be stolen for use in other hardware.
Samsung Pay is currently available in eight countries including Korea, China and the U.S.
Samsung said special devices like a large antenna were used in Mendoza's demonstration, and the possibility of hacking the service in real life extremely low as tokens remain valid only 30 seconds here and banks slam on an immediate break once a fraudulent transaction is identified.