I'd like to give my "two cents"... or is it tencent now?
Inflation... go figure. Anyway, I am a college graduate... twice over btw... and am highly intelligent.
THAT'S exactly why I DON'T UPDATE. Considering the character flaws that have come upon those who did, I decided I would rather be behind. And if you are also of a wise knowledge base, you can see that in doing that, I actually became the one in the lead. :)
God bless! P.S. Push your thinker in the deep end. It's great for the SOUL. :)
Samsung is not alone here; most of today's new paying methods are made in a really weird and lame way (like a 24h delay before it expires).
No one cares that they actually manage our money; they advertise it as a cool feature that you just "use", like it would be a new camera or a bigger screen in a phone. People totally forgot that it's about money and access to it, and they should think about it as bank security, not "another phone function".
I don't understand... usual payment gateway instances expire in 3-5 min... 24hrs??? What are we dealing with?
Anonymous, 10 Aug 2016: and Apple uses tokenisation, why weren't they mentioned? (sound of cash jingling.)
This issue is mainly because Samsung supports old magnetic payment methods.
NFC is not affected.
Use NFC-type payment; it should not have any issues of token leak. Legacy is bad, real bad. Android are all the same: no updates / refuse to update / refuse to learn new things, stuck on file manager old ways of doing things.
Although it seems plausible, I believe it can be made even more difficult for the attacker if:
1) The token expires much earlier (i.e. within a few seconds, where the user has ample time to pay)
2) When getting new tokens, the old one shall expire, or if the user goes back to the non-transmit state it shall expire (don't understand why it takes so long to expire, at 24 hours)
3) Dual way verification. The Samsung Pay user transmits the token, then the user gets the SMS and must key in the correct randomized PIN from the SMS before the purchase can continue.
4) Request a tokenized key first from the bank and then hash it with the pay transmit before making the purchase.
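Points 1 and 2 of the comment above, modelled as an added example that is not part of the original thread and is not Samsung Pay's implementation: a toy verifier where a token issued but never spent is later presented by someone else. `TokenService`, `scenario`, the device name and the 30-second lifetime are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class TokenService:
    """Toy issuer/verifier for one-time payment tokens (hypothetical model)."""
    ttl_seconds: float
    revoke_on_reissue: bool = True
    _tokens: dict = field(init=False, default_factory=dict)  # token -> issue time
    _active: dict = field(init=False, default_factory=dict)  # device -> newest token

    def issue(self, device_id: str, now: float) -> str:
        if self.revoke_on_reissue:
            # Point 2: a fresh token kills any older, unspent one for this device.
            self._tokens.pop(self._active.get(device_id), None)
        token = secrets.token_hex(16)
        self._tokens[token] = now
        self._active[device_id] = token
        return token

    def redeem(self, token: str, now: float) -> str:
        # Single use: the token is removed on the first redemption attempt.
        issued_at = self._tokens.pop(token, None)
        if issued_at is None:
            return "rejected: unknown, used or revoked"
        # Point 1: the lifetime bounds how long a leaked token stays useful.
        if now - issued_at > self.ttl_seconds:
            return "rejected: expired"
        return "accepted"


def scenario(service: TokenService, reissue_at, present_at: float) -> str:
    """Issue a token at t=0 that is never spent by its owner, optionally let the
    owner fetch a new one, then present the first token at `present_at` seconds."""
    first = service.issue("phone-1", now=0.0)  # constructed sample device
    if reissue_at is not None:
        service.issue("phone-1", now=reissue_at)
    return service.redeem(first, now=present_at)


if __name__ == "__main__":
    day = 24 * 3600
    print("24h, no revocation:", scenario(TokenService(day, False), 60, 3600))
    print("30s, revocation   :", scenario(TokenService(30), 60, 3600))
    print("30s, no reissue   :", scenario(TokenService(30), None, 3600))
    print("30s, paid at 5s   :", scenario(TokenService(30), None, 5))
```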
Anonymous, 10 Aug 2016: If being that close is required to pull off this exploit, then it is faster to just whip out a...
No need... just make sure you are the merchant.
Seller and Buyer normally are in close proximity.
If being that close is required to pull off this exploit, then it is faster to just whip out a knife and ask them for money LOL jk
Anonymous, 09 Aug 2016: I have a galaxy phone with Samsung Pay, but I still prefer Android Pay. Just don't trust Samsu...
I can understand you.
All the propaganda is against Samsung. No matter that they make the best and most secure devices and Samsung Pay is the best platform, all the people must be threatened every day by the media. Even with lies about Samsung.
Apple is in danger, so expect even more attacks against Samsung.
By any logic, to use Android Pay over Samsung Pay is the dumbest thing, but the propaganda can make miracles. Right? LOL
Anonymous, 10 Aug 2016: and Apple uses tokenisation, why weren't they mentioned? (sound of cash jingling.)
Because they write better software. On the other hand, most of Samsung's software is a failure. Release an app, doesn't work, couple of years later take it down. That's how it works for Samsung.
AnonD-126854, 09 Aug 2016: Samsung is getting stronger and stronger, and Samsung Pay is the best platform. So, don't be ...
And Apple uses tokenisation, why weren't they mentioned? (sound of cash jingling.)
AnonD-442781, 09 Aug 2016: How close is physically close?
I think it would need to be close enough to the device as it uses NFC (NEAR field communication), most notably tapping the device on the terminal and reading the waves sent by the device itself. This is just a self conclusion and I might be wrong.
I have a galaxy phone with Samsung Pay, but I still prefer Android Pay. Just don't trust Samsung enough.
Samsung is getting stronger and stronger, and Samsung Pay is the best platform.
So, don't be surprised if even more, and more dirty, shots come from the tech media.
Reading the title I thought vulnerability was extremely difficult to fix