Hackers who targeted Samsung Pay may be looking to track individuals

The hackers who allegedly broke into the Samsung subsidiary are spies more than profiteers

The security breach at Samsung subsidiary LoopPay was probably more about spying than about gathering consumer data for profit, and the worst could be yet to come, a security analyst said Wednesday.

Samsung acknowledged the attack on LoopPay, which it acquired in February for technology that it uses in its Samsung Pay service. It said hackers only breached LoopPay's office network, not systems used by Samsung Pay. The affected servers have been isolated and no personal payment information was put at risk, according to Samsung.

However, if the breach was carried out by the notorious Codoso Group in China, as The New York Times reported, it probably wasn't intended to steal consumer data for sale, said Ken Westin, a senior security analyst at threat-detection software company TripWire.

The Codoso Group has been linked to large-scale attacks on major defense, finance and other organizations, including websites related to the Uyghur minority in China. It allegedly is affiliated with the government of China.

The hackers probably wanted access to LoopPay's code, possibly to develop the capability to collect information on individuals, Westin said.

Alex Holden, CEO of the consultancy Hold Security, agreed. Codoso may have ultimately wanted to know "who bought what, when," he said. For example, if an important individual made a purchase at a coffee shop in Los Angeles, an infiltrator could learn something about that person's travels.

And while LoopPay may have worked out the details of this particular breach, it's probably facing what security researchers call an advanced persistent threat, he said. That kind of attacker keeps coming back and probing different parts of a company's infrastructure looking for weaknesses and laying the groundwork for future infiltrations. Samsung should be worried, Westin said.

However, the attack shouldn't prevent consumers from using Samsung Pay, Westin said.

"I would be cautious, as you should be with any new sort of payment service, but I don't think this is a reason not to use the service at this time," he said.

LoopPay's network was breached in February, shortly before Samsung bought the Massachusetts startup for US$250 million, the Times said. The hackers were in the network for about five months before LoopPay discovered the breach in late August, when an organization tracking the Codoso Group found LoopPay's data.

That shows the startup may have had strong intrusion prevention tools but weak detection capabilities, Westin said. The most sophisticated hackers don't even use identifiable malware but but exploit components within a company's own systems, like Powershell on Windows. "For a lot of businesses, this is a big challenge now," he said.

Samsung Pay is the latest platform for wirelessly buying things with a mobile device by holding it up to a point-of-sale system. Like Apple Pay, it's designed to be more secure than traditional credit cards because each payment doesn't use the same card number. Instead, the system uses an encrypted token and certificate information that can only be used once, according to Samsung.

Samsung acquired LoopPay for a technology it developed, Magnetic Secure Transmission, that lets a mobile device emulate a magnetic stripe card. That helps Samsung Pay work with older payment systems.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?