Abstract
We have discovered a security vulnerability in the Samsung Pay app. The magnetic secure transmission in Samsung Pay emits too many magnetic signals that are excessively strong. Thus, we built a low-cost receiver to eavesdrop on the emitted magnetic signals. Using this receiver, we successfully eavesdropped on the one-time token for a payment made on the Samsung Pay app at around 0.6 m to 2.0 m from where the payment was taking place, depending on the orientation of the magnetic-field-emitting antenna in the victim device. We verified that the collected one-time token could be used away from the victim device if the collected payment information was quickly transmitted over the Internet.
| Original language | English |
|---|---|
| State | Published - 2016 |
| Event | 10th USENIX Workshop on Offensive Technologies, WOOT 2016 - Austin, United States. Duration: 8 Aug 2016 → 9 Aug 2016 |
Conference
| Conference | 10th USENIX Workshop on Offensive Technologies, WOOT 2016 |
|---|---|
| Country/Territory | United States |
| City | Austin |
| Period | 8/08/16 → 9/08/16 |