Samsung talks the Pay vulnerability, says it's extremely difficult to pull off

09 August, 2016
Samsung Pay is under fire after security researcher Salvador Mendoza presented a way to attack the payment service at the Defcon security conference.


  • r
  • refuses to update
  • qka
  • 14 Aug 2016

I'd like to give my "two cents"...or is it tencent now?
Inflation...go figure. Anyway, I am a college graduate...twice over btw...and am highly intelligent.
THAT'S exactly why I DON'T UPDATE. Considering the character flaws that have come upon those who did, I decided I would rather be behind. And if you are also of a wise knowledge base, you can see that in doing that, I actually became the one in the lead. :)
God bless! P.S. Push your thinker in the deep end. It's great for the SOUL. :)

    Samsung is not alone here, most of today's new payment methods are made in a really weird and lame way (like a 24h delay before it expires).
    No one cares that they actually manage our money, they advertise it as a cool feature that you just "use" like it would be a new camera or a bigger screen in a phone, people totally forgot that it's about money and access to it, and they should think about it as bank security, not "another phone function".

      I don't understand... usual payment gateway instances expire in 3-5 min... 24hrs??? What are we dealing with?

        Close enough to be able to kiss the guy.

          • ?
          • Anonymous
          • uJD
          • 10 Aug 2016

          Anonymous, 10 Aug 2016: and apple uses tokenisation, why weren't they mentioned? ( ...

          This issue is mainly because Samsung supports old magnetic payment methods.

          NFC is not affected.

          Use NFC type payment, should not have any issues of token leak. Legacy is bad, real bad.. Android are all the same.. no updates / refuse to update / refuse to learn new things, stuck on file manager old ways of doing things.

            • D
            • AnonD-361638
            • X}L
            • 10 Aug 2016

            AnonD-126854, 10 Aug 2016: I can understand you. All the propaganda is against Samsu...

            Good one bro

              • D
              • AnonD-570537
              • xYp
              • 10 Aug 2016

              Although it seems plausible, I believe it can be made even more difficult for the attacker if:
              1) The token expires much earlier (i.e. within a few seconds, where the user has ample time to pay)
              2) When getting new tokens, the old one shall expire, or if the user goes back to the non-transmit state it shall expire (don't understand why it takes so long to expire, at 24 hours)
              3) Two-way verification. The Samsung Pay user transmits the token, the user gets the SMS and must key in the correct randomized PIN from the SMS before the purchase can continue.
              4) Request a tokenized key first from the bank and then hash it with the pay transmit before making the purchase.
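
Points 1 and 2 of the comment above, sketched as an added example (not part of the original thread and not Samsung's implementation): a hypothetical `TokenIssuer` keeps one live token per device, expires it after an assumed 30 seconds, and revokes it on reissue, cancel or use. The class, its names and the constructed `demo()` scenario are all assumptions made for illustration.

```python
import secrets
import time

class TokenIssuer:
    """Hypothetical issuer (not Samsung's design): one live token per device."""

    def __init__(self, ttl_seconds=30.0, clock=time.monotonic):
        self.ttl = ttl_seconds          # assumed short lifetime, not 24 hours
        self.clock = clock              # injectable so expiry can be simulated
        self._live = {}                 # device_id -> (token, expiry time)

    def issue(self, device_id):
        # Point 2: issuing a new token replaces, and so revokes, the old one.
        token = secrets.token_hex(16)
        self._live[device_id] = (token, self.clock() + self.ttl)
        return token

    def cancel(self, device_id):
        # Point 2: the user left the transmit state without paying.
        self._live.pop(device_id, None)

    def redeem(self, device_id, token):
        entry = self._live.get(device_id)
        if entry is None:
            return "rejected: no live token"
        live_token, expiry = entry
        if not secrets.compare_digest(live_token, token):
            return "rejected: superseded or unknown token"
        del self._live[device_id]       # single use, whether valid or expired
        if self.clock() >= expiry:      # Point 1: short expiry window
            return "rejected: expired"
        return "accepted"

def demo():
    now = [0.0]                         # constructed scenario, simulated clock
    issuer = TokenIssuer(ttl_seconds=30.0, clock=lambda: now[0])
    out = {}
    unused = issuer.issue("phone-1")
    now[0] += 600                       # unused token presented 10 minutes later
    out["late"] = issuer.redeem("phone-1", unused)
    old, new = issuer.issue("phone-1"), issuer.issue("phone-1")
    out["superseded"] = issuer.redeem("phone-1", old)
    out["current"] = issuer.redeem("phone-1", new)
    out["reuse"] = issuer.redeem("phone-1", new)
    stale = issuer.issue("phone-1")
    issuer.cancel("phone-1")
    out["cancelled"] = issuer.redeem("phone-1", stale)
    return out
```

Calling `demo()` returns the verdict for each case: only the current, unexpired, unused token is accepted.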

                • ?
                • Anonymous
                • uJD
                • 10 Aug 2016

                Anonymous, 10 Aug 2016: If being that close is required to pull off this exploit, t...

                No need... just make sure you are the merchant.

                Seller and Buyer normally are in close proximity.

                  • ?
                  • Anonymous
                  • IV8
                  • 10 Aug 2016

                  If being that close is required to pull off this exploit, then it is faster to just whip out a knife and ask them for money LOL jk

                    • D
                    • AnonD-126854
                    • n7R
                    • 10 Aug 2016

                    Anonymous, 09 Aug 2016: I have a galaxy phone with Samsung Pay, but I still prefer ...

                    I can understand you.
                    All the propaganda is against Samsung. No matter that they make the best and most secure devices and Samsung Pay is the best platform, all the ppl must be threatened every day by the media. Even with lies about Samsung.
                    Apple is in danger, so expect even more attacks against Samsung.
                    By any logic, to use Android Pay over Samsung Pay is the dumbest thing, but the propaganda can make miracles. Right? LOL

                      • ?
                      • Anonymous
                      • uu4
                      • 10 Aug 2016

                      Anonymous, 10 Aug 2016: and apple uses tokenisation, why weren't they mentioned? ( ...

                      Because they write better software. On the other hand most of Samsung's softwares are a failure. Release an app, doesn't work, couple of years later take it down. That's how it works for Samsung.

                        • ?
                        • Anonymous
                        • nFR
                        • 10 Aug 2016

                        AnonD-126854, 09 Aug 2016: Samsung is getting stronger and stronger, and Samsung Pay i...

                        And Apple uses tokenisation, why weren't they mentioned? (sound of cash jingling.)

                          • ?
                          • Anonymous
                          • K25
                          • 10 Aug 2016

                          AnonD-442781, 09 Aug 2016: How close is physically close?

                          I think it would need to be close enough to the device as it uses NFC (NEAR field communication), most notably tapping the device on the terminal and reading the waves sent by the device itself. This is just a self conclusion and I might be wrong.

                            • ?
                            • Anonymous
                            • k2G
                            • 09 Aug 2016

                            I have a galaxy phone with Samsung Pay, but I still prefer Android Pay. Just don't trust Samsung enough.

                              • D
                              • AnonD-126854
                              • n7R
                              • 09 Aug 2016

                              Samsung is getting stronger and stronger, and Samsung Pay is the best platform.
                              So, don't be surprised if there come even more, and more dirty, shots from the tech media.

                                • D
                                • AnonD-442781
                                • HD8
                                • 09 Aug 2016

                                How close is physically close?

                                  Reading the title, I thought the vulnerability was extremely difficult to fix

                                    Thus the risk has been categorized as an "acceptable" one, according to Samsung and the payment firms it works with.

                                    Three cheers for Samsung!!