Samsung Pay may be susceptible to hacks, but the company notes that these cyberattacks are unlikely and hard to pull off.
In a presentation that took place at hacking conference Defcon, Salvador Mendoza shared a vulnerability on the company’s online payment system that would allow hackers to tap into your phone and steal your payment info.
When making payments, smartphones and other devices sometimes ask you to enter a code, or payment token in order to complete a transaction. Mendoza notes that hackers can intercept or fabricate these tokens for malicious purposes.
One method of doing so involves a wrist-mounted device that could access devices that authenticate a mobile payment without completing it.
In a different case, hackers can generate their own unique tokens by implementing a “guessing method.” Mendoza did not disclose whether or not he was able to create his own tokens.
Samsung responded to the warning by saying it is aware of the flaw, and the company also recognizes that these cyberattacks are quite hard to pull off. In a lot of cases, the hacker would have to be in close proximity to their target.
The company adds that Samsung Pay’s vulnerabilities are not unlike the holes that exist in credit and debit cards, making such a hack as likely or unlikely as credit card fraud.
More serious vulnerabilities have been exposed in certain devices recently, including 900 million Android devices that run on Qualcomm security chips.
There has also been a recent case of Bitcoin fraud caused by a Bitcoin exchange hack in Hong Kong, which caused the cryptocurrency’s price to decline earlier this month.
Additionally, popular online game Clash of Kings was hacked recently, exposing the personal information of about 1.6 million accounts.