Samsung Pay has a serious vulnerability
As Samsung Pay continues to grow, it keeps receiving increased attention from security researchers and hackers as well. Unfortunately, now a security researcher has just unveiled some security problems that can be used by an attacker to make fraudulent payments because translating credit card data into tokens is not as safe as should be.
According to ZDNet, "Salvador Mendoza found that the tokenization process is limited and the sequencing of the tokens can be predicted." He explained that the whole process gets weaker after the first token from a card is generated, so future tokens are easier to predict. To make everything even worse, he also revealed that a stolen token can be used with magnetic spoofing hardware for various purchases even in countries where Samsung Pay is not available yet.
Mendoza mentioned that this vulnerability affects all Samsung Pay-compatible cards, except gift cards. For now, Samsung did not mention anything about a patch for this problem. A spokesperson for the company said "If at any time there is a potential vulnerability, we will act promptly to investigate and resolve the issue," so the tokenization problem might go away soon. We will get back to it as soon as that happens, so stay tuned.