25th USENIX Security Symposium has ended
Back To Schedule
Monday, August 8 • 12:30pm - 1:00pm
Eavesdropping One-Time Tokens Over Magnetic Secure Transmission in Samsung Pay

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

We have discovered a security vulnerability in the Samsung Pay app. The magnetic secure transmission in Samsung Pay emits too many magnetic signals that are excessively strong. Thus, we built a low-cost receiver to eavesdrop on the emitted magnetic signals. Using this receiver, we successfully eavesdropped the one-time token for a payment made on the Samsung Pay app around 0.6m ~ 2.0m from where the payment was taking place, depending on the orientation of the magnetic field emitting antenna in the victim device. We verified that the collected one-time token could be used away from the victim device if the collected payment information was quickly transmitted over the Internet.

Monday August 8, 2016 12:30pm - 1:00pm PDT
Texas Ballroom 1

Attendees (3)