Samsung Pay vulnerability in-depth analysis - Vulnerability warning - Black Bar Safety Net

ID: MYHACK58:62201680571
Type: myhack58
Reporter: Anonymous
Modified: 2016-10-26T00:00:00


On July 14, 2016, Salvador Mendoza of Modesto Community College in California, United States, published an article titled "Samsung Pay: Tokenized Numbers, Flaws and Issues", claiming to have found security problems in Samsung Pay's tokens. On August 4 of the same year he presented this attack at the Black Hat USA conference, with a demonstration against a VISA card. Major Chinese media followed up with reports, so is Samsung Pay really that vulnerable?

1. Reconstructing the full picture of the Samsung Pay hack

Salvador Mendoza used the Android adb command to debug Samsung Pay and access the application database, and at the same time decompiled the Samsung Pay-related applications, which allowed him to analyse the MST track information. (Note: Salvador mistakenly refers to all of the track data collectively as a "Token"; to avoid confusion, this article uses the terms as defined by the card organisations.) Through this analysis he found several weaknesses:

(1) MST track information can be obtained;
(2) The client application is not sufficiently obfuscated and still contains comments, and the encryption used to store card data in the local database is unreliable, because the key is static and can be recovered by decompiling the client;
(3) Generated MST track information remains valid as long as it has not been used.

Based on these weaknesses, Salvador derived four possible attack scenarios:

(1) Tricking the user through social engineering into generating MST track information, then stealing it for fraudulent transactions;
(2) Using a capture device to block the normal payment flow and steal the MST track information for fraudulent transactions;
(3) Decompiling the encryption and decryption code;
(4) Guessing the next MST track information.
2. The substance of the attack and its analysis

The attack essentially amounts to the following:

① By analysing the Samsung Pay mobile application and repeatedly testing MST track information, the meaning of each digit of the MST track was worked out and then published, producing the public impression that a secret had been exposed;
② The traditional magnetic stripe card skimming attack was ported to Samsung Pay, achieving a demonstrable attack;
③ The claim hyped by Chinese media that "the Token can be predicted to a limited extent" is merely one of the attack scenarios Salvador assumed. Salvador did not confirm that this scenario is achievable, nor did he demonstrate it; it was only a guess based on two observations: the dynamic MST code is only 3 digits long, and a large amount of historical data could be collected over many transactions.

Specifically, for point ①: since Android is an open system and its Java-based code is easy to decompile, the application is easy to analyse. Part of the decompiled code was shown as an image in the original article:

[Image: sample of the decompiled Samsung Pay code; not preserved in this copy]

Because MST track information is transmitted in the same way as a traditional magnetic stripe card, it can be read easily with a generic magnetic stripe reader. Combining the decompiled code with multiple captures of magnetic data makes it possible to work out the meaning of each part of the track. Take the following track 2 data as an example:

4012300001234567^21041010647020079616?

The meaning of its key parts is as follows:

Field value   Meaning
401230        Card BIN within the token
0001234567    Remaining part of the token
2104          Expiry date (valid through)
101           Service code
0647          Account parameter index: timestamp
02            Account parameter index: counter
0079          Transaction counter
616           MST verification code

For point ②: since MST is essentially a variant of the magnetic stripe card whose track information changes, the traditional technical means used to skim magnetic stripe cards, such as recording the track and producing a counterfeit card, remain effective, which is why Salvador could easily demonstrate fraudulent swipes.

For point ③: Salvador only made an intuitive judgement that, because that number has extremely few digits and a large number of earlier numbers in the sequence can be collected, later numbers should be predictable to some extent. He neither validated nor confirmed this intuitive conclusion.

3. Analysis of the attack's impact

For point ① above: since Samsung Pay's security is not built on keeping the algorithm secret, but on the confidentiality of the core keys and the trustworthiness of the execution environment, analysing the application and the MST track information does not directly reduce Samsung Pay's security.
However, the program may have contained bugs when it was written, and being easy to analyse means an attacker is more likely to find any vulnerability the program has, so there is still some impact on security.

For point ② above: judging from the actual demonstration at the Black Hat conference, carrying out this attack successfully requires the following preconditions:

① Physical access to the Samsung phone, with the Samsung Pay feature enabled;
② The Samsung phone must not perform any payment before the attack succeeds;
③ The counterfeit card cannot bypass the PIN; unless the counterfeit card is used in a PIN-free transaction, the PIN of the corresponding card must also be stolen in advance;
④ A counterfeit card can be used only once; each further use requires obtaining and writing new track information.

Therefore the attack is in practice harder to exploit than traditional magnetic stripe skimming, and the loss caused by a single leak of track information is more limited than for a traditional magnetic stripe card. In other words, because Samsung Pay's MST is by nature a variant of the magnetic stripe card, risks similar to those of magnetic stripe cards are present and are nothing new, and its risk is lower than that of traditional magnetic stripe cards.

For point ③ above: although it was hyped by Chinese media, Salvador never actually achieved it. Our research found that the VISA MST code is generated by encrypting transaction-related static and dynamic data with a private key; without breaking the TEE execution environment to obtain that key, it is difficult to predict.
However, because the MST verification code is only 3 digits, and in the case of a valid transaction it may remain valid for an hour or more, brute force is possible. In short, the MST verification code is not as vulnerable as the media reported: the only way to crack it is brute force, not the so-called prediction. And even if it is cracked, although that would lower Samsung Pay's overall security to roughly that of an ordinary magnetic stripe card, actual exploitation is still more complex than with an ordinary magnetic stripe card, because the MST code and other dynamic information on a counterfeit card cannot change in real time when the card is used to pay, and every swipe requires re-acquiring and writing new track information.

4. Comparison with the security of the Chinese domestic Samsung Pay

Investigation and comparative study show that the domestic Samsung Pay scheme is not identical to the VISA Samsung Pay scheme involved in this attack. The main differences are:

① The length and generation algorithm of the dynamic track data such as the MST code differ. The domestic algorithm uses a shorter time window while generating a longer MST verification code, which greatly reduces the possibility of brute force.
② The execution environment of Samsung Pay differs. The overseas scheme runs in a TEE environment, while the domestic scheme runs in an eSE environment based on a separate security chip, which is more secure.
③ The life cycle of the MST track information differs. In the domestic scheme the MST track information is generated in real time by the eSE when it is needed, and is sent directly through the hardware to the receiving device such as a POS terminal; it is never stored in the phone's database.

In summary, users of the domestic version of Samsung Pay can shop with confidence.
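As an added example (my code, not from the original article or from Samsung), the following Python parser splits a Samsung Pay MST track-2 string into the fields tabulated in section 2 and, given two captures of the same token, reports which fields changed between them, which is the repeated-capture comparison section 2 describes. The field widths follow the article's table; the first sample track is the article's own example, the second capture is constructed, and accepting the ISO 7813 '=' separator alongside the article's '^' is an assumption.

```python
# Added example, not from the original article: parse a Samsung Pay MST
# track-2 string into the fields of the article's table, and compare two
# captures of the same token to see which fields are dynamic.
from dataclasses import dataclass, fields

# Discretionary-data layout after the separator: (field name, digit width).
# Widths follow the article's table for its 20-digit example.
DISCRETIONARY_LAYOUT = (
    ("expiry", 4),                 # YYMM, "2104" in the article's example
    ("service_code", 3),
    ("api_timestamp", 4),          # account parameter index: timestamp
    ("api_counter", 2),            # account parameter index: counter
    ("transaction_counter", 4),
    ("mst_verification_code", 3),  # the 3-digit code the article discusses
)
TOKEN_PAN_LENGTH = 16
TOKEN_BIN_LENGTH = 6


@dataclass(frozen=True)
class MstTrack:
    token_bin: str
    token_rest: str
    expiry: str
    service_code: str
    api_timestamp: str
    api_counter: str
    transaction_counter: str
    mst_verification_code: str

    @property
    def token_pan(self) -> str:
        """The full tokenised PAN (BIN plus remainder)."""
        return self.token_bin + self.token_rest


def parse_mst_track(track: str) -> MstTrack:
    """Split 'PAN<sep>discretionary?' into named fields.

    The article's example uses '^' as the separator; ISO 7813 track 2 uses
    '=' (assumption: both are accepted). Optional ';' start and '?' end
    sentinels are stripped. Anything that does not fit the layout is
    rejected rather than guessed at.
    """
    body = track.strip()
    if body.startswith(";"):
        body = body[1:]
    if body.endswith("?"):
        body = body[:-1]
    for sep in ("^", "="):
        if sep in body:
            pan, discretionary = body.split(sep, 1)
            break
    else:
        raise ValueError("no field separator ('^' or '=') found")
    if not (pan.isdigit() and discretionary.isdigit()):
        raise ValueError("track fields must be digits only")
    if len(pan) != TOKEN_PAN_LENGTH:
        raise ValueError(f"expected {TOKEN_PAN_LENGTH}-digit token PAN, got {len(pan)}")
    expected = sum(width for _, width in DISCRETIONARY_LAYOUT)
    if len(discretionary) != expected:
        raise ValueError(f"expected {expected} discretionary digits, got {len(discretionary)}")
    values = {"token_bin": pan[:TOKEN_BIN_LENGTH], "token_rest": pan[TOKEN_BIN_LENGTH:]}
    pos = 0
    for name, width in DISCRETIONARY_LAYOUT:
        values[name] = discretionary[pos:pos + width]
        pos += width
    return MstTrack(**values)


def dynamic_fields(first: MstTrack, second: MstTrack) -> set[str]:
    """Names of the fields that differ between two captures of one token.

    Comparing several captures this way is how the per-field meaning in the
    article's table is recovered: static fields (BIN, expiry, service code)
    stay fixed while the counters and the verification code move.
    """
    return {f.name for f in fields(MstTrack)
            if getattr(first, f.name) != getattr(second, f.name)}


# The article's own example track, and a second capture constructed here
# for illustration (same token, later counters, different verification code).
ARTICLE_TRACK = "4012300001234567^21041010647020079616?"
CONSTRUCTED_SECOND_TRACK = "4012300001234567^21041010648030080217?"

if __name__ == "__main__":
    first = parse_mst_track(ARTICLE_TRACK)
    second = parse_mst_track(CONSTRUCTED_SECOND_TRACK)
    for f in fields(MstTrack):
        print(f"{f.name:22} {getattr(first, f.name)}")
    print("dynamic between captures:", sorted(dynamic_fields(first, second)))
```

The parser is deliberately strict: a track whose discretionary data is not exactly the 20 digits of the article's layout is rejected, because a silently mis-aligned split would attribute the wrong meaning to the counters and the verification code.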