Explore the security vulnerabilities and potential flaws in Samsung Pay's tokenization system in this 40-minute conference talk from TROOPERS17. Delve into offline mode, token expiration dates, and random critical numbers. Examine social engineering risks and witness security demonstrations. Investigate international usage, real-time attacks, and the interplay between MST and NFC technologies. Learn about the secure element, NFC tags, and potential exploits. Analyze the terms of service and discover key takeaways for implementing safer mobile payment systems. Gain insights into the proper handling and usage of tokens in mobile payment platforms.
Overview
Syllabus
Intro
Welcome
Who am I
Terminology
Why Samsung Pay
Offline Mode
Tokenization
Token Expiration Date
Random Critical Number
Social Engineering
Security Demonstration
International Use
RealTime Attack
MST
NFC
Secure Element
NFC Tags
Example
Getting it talking
Terms of Service
Samson Play
SAMSON
Some takeaways
Questions
Safe implementation
Sending tokens
Using tokens
Taught by
WEareTROOPERS
