Chinese hackers attempt to break into Samsung Pay
A notorious hacker group supported by the Chinese government has tried but apparently failed to steal customer information stored in technology developed by Samsung subsidiary LoopPay, which powers the Samsung Pay mobile payment service.
Samsung said the sophisticated attack by hackers known as the Codoso Group or Sunshock Group began last March. It reassured users that Samsung Pay “was not impacted and at no point was any personal payment information at risk.
"This was an isolated incident that targeted the LoopPay office network, which is a physically separate network from Samsung Pay”, said Samsung in a blog post.
Samsung believes the Chinese hackers were eager to tap into the pioneering Magnetic Secure Transmission (MST) technology that’s the backbone of Samsung Pay. MST uses magnetic stripe cards and is the secret behind the huge success of Samsung Pay. Samsung acquired LoopPay in February for more than $250 million to avail the groundbreaking technology for its mobile payment systems.
MST enables Samsung Pay to be compatible with older point-of-sale terminals using magnetic strips on payment cards. This technology is the key differentiating factor that gives Samsung Pay an edge over Apple’s Apple Pay and Google’s Android Pay, which only works with Near Field Communication (NFC) payment terminals.
A report in The New York Times said Will Graylin, chief executive of LoopPay and co-general manager of Samsung Pay, reassured clients the attackers didn’t breach the system that helps manage payments. He did confirm the infiltrators managed to track the corporate networks but didn’t access any customer data.
The hackers, however, were inside the LoopPay system for more than five months and LoopPay identified the breach just weeks before the service was finally rolled-out.
"Samsung Pay was not impacted and at no point was any personal payment information at risk”, reassured Darlene Cedres, Samsung’s chief privacy officer, reports The Verge. “The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay”.
Security experts said the Codoso Group has a record of targeting financial firms, military and defense contractors, C-level executives and Chinese political dissidents. Last month, U.S President Obama announced that both China and the U.S. reached a consensus to stop corporate hacking. Graylin confirmed that private forensics teams have been hired to investigate the break-in.
Contact the writer at feedback@ibtimes.com.au, or let us know what you think below.