Samsung: Hackers can't pwn our NFC payment kit. No way, nuh-uh, not true (Well, OK, maybe)
The South Koreans doth protest too much, methinks
A war of words has broken out after a security researcher claimed last week that Samsung's contactless mobile payment system is vulnerable to skimming and spoofing attacks.
In talks at both the Black Hat and DEF CON security conferences, held last week in Las Vegas, Salvador Mendoza claimed that he was able to intercept a Samsung Pay token transmitted over the air using a gizmo hidden under his shirt cuff.
Wait, what's a Samsung Pay token? Well, the token comes in three parts.
One is generated by the payment networks, it is associated with a credit or debit card, and it is stored on the Samsung smartphone. The second part is a counter that increments on every transaction in an attempt to thwart replay attacks. The final part is a message authentication code generated from the payment network-provided token, the counter and a secret key embedded in the phone's ARM-compatible processor; this authentication code is used to prove the token was sent from a Samsung device and wasn't tampered with over the air.
When someone wants to make a payment, their handset sends the complete token over the air using NFC to a nearby payment terminal.
Mendoza found that the authentication code algorithm outputs just three 0-9 digits, which is rather trivial. He claims a thief "could implement a guessing method, a brute force attack or a dictionary attack," to compute the correct code for a transaction. In other words, you could sniff someone's token on the airwaves, fiddle with its bits to come up with a correct authentication code for a second transaction, and replay it later elsewhere to make purchases using the victim's account.
Also, it may be possible to receive the token and then jam or block the transmission so that the terminal can't receive it. At that point, you've got a live token that you can reuse later on.
The presentations sparked a string of responses from Samsung. Initially the tech giant said Mendoza had been mistaken in his research and that the hack wasn't possible.
"Recent reports implying that Samsung Pay is flawed are simply not true," it said in a statement. "Samsung Pay uses a multi-layer security system that works in tandem with the security systems of our partners to detect any emerging threats."
However, Mendoza defended his claims and reiterated that his hacking system was valid. Samsung then amended the statement in its security blog.
"Keeping payment information safe is a top priority for Samsung Pay which is why Samsung Pay is built with highly advanced security features," it said. "It is important to note that Samsung Pay does not use the algorithm claimed in the Black Hat presentation to encrypt payment credentials or generate cryptograms."
In an FAQ [PDF] attached to the statement, Sammy admitted that the skimming attack was possible, but only under a very peculiar set of "extremely unlikely" circumstances. The attacker would need to be very close to the victim to skim the token and would have to block the transmission of the original message from the phone.
"In summary, Samsung Pay's multiple layers of security make it extremely difficult to make a purchase by skimming a token," it said.
As anyone with a hacking mindset would tell you, these "difficult" circumstances wouldn't be too hard to set up. The easiest method would be using a false point-of-sale terminal that would be able to skim the token but would refuse to process it – allowing the attacker 24 hours to make another purchase before it expired.
As for Samsung's claim that it is impossible to create new tokens that would work, Mendoza has now shot back with another video appearing to demonstrate just that. By manipulating the token's contents he was able to buy a bottle of Pepsi from a hotel vending machine.
We're still waiting for further comment from Samsung on this latest video. The biz should maybe consider the disciple Peter's record on denials and make sure it's in the right this time. ®