Samsung just can't catch a break these days. Its phones are exploding, and so are its washing machines, and now a security researcher has found a second vulnerability in Samsung Pay.
Salvatore Mendoza demonstrated the first vulnerability at Black Hat in August, where he was able to eavesdrop on a payment transaction, generate a token, and use that new token to make an unauthorized purchase in a different location.
Next week, he will be demonstrating the new Samsung Pay vulnerability at the Ekoparty security conference in Buenos Aires, Argentina.
At Black Hat, he showed how an attacker could eavesdrop on the MST transmission that the Samsung phone sends to emulate a magnetic stripe signal and take advantage of a weakness in how the tokens were generated, allowing him to predict new tokens.