Content provided by DEF CON. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by DEF CON or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Salvador Mendoza - Samsung Pay: Tokenized Numbers, Flaws and Issues

Materials:
https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers-WP.pdf
https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers.pdf

Samsung Pay: Tokenized Numbers, Flaws and Issues
Salvador Mendoza, Student & Researcher

Samsung has announced many layers of security for its Pay app. By neither storing nor sharing any of the user's credit card information, Samsung Pay aims to become one of the most secure approaches, offering functionality and simplicity to its customers.
The app is a complex mechanism with some security limitations. It uses random tokenized numbers and Magnetic Secure Transmission (MST) technology, but neither guarantees that a token generated with Samsung Pay can only be used to make a purchase from the same Samsung device. That means an attacker could steal a token from a Samsung Pay device and use it without restriction.
Inconvenient for security but practical for users, the app can be used in airplane mode. This makes it impossible for Samsung Pay to fully control the pool of issued tokens. Even though the tokens carry their own restrictions, the tokenization process gets weaker after the app generates the first token for a specific card.
How random is a Samsung Pay tokenized number? It is necessary to understand how successive tokens share similarities in the generation process, and how this affects end users' security.
What are the odds to guess the next tokenized number knowing the previous one?
Salvador Mendoza is a college student & researcher.

@netxing
Keybase.io: http://keybase.io/salvador
