Hackers breach firm whose tech is used in Samsung Pay

It was revealed on Wednesday by the New York Times that LoopPay, a US-based Samsung subsidiary whose technology is central to the Samsung Pay mobile payment system, suffered a breach earlier this year.

LoopPay executives say that the attackers were seemingly after that particular technology.

The hack was allegedly perpetrated by Chinese hackers: the so-called Codoso Group, which is known for targeting defense, finance and other similar organizations.

The compromise was discovered in late August, after another organization that was tracking the hacker group came across data stolen from LoopPay.

Samsung has issued a statement to reassure its customers that they can continue to use Samsung Pay safely.

“The first thing to know is that Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay office network, which is a physically separate network from Samsung Pay,” the company pointed out.

“It’s worth reiterating that the reported incident was related to LoopPay’s office network which handles email, file servers and printing within the company. This network is physically separate from the production network that handles payment transactions and is run by Samsung. The incident involved three servers on LoopPay’s internal office network.”

The company hired two independent professional security teams to look into the matter, and apparently solved the problem by identifying and quarantining the targeted devices, and cleaning the systems.

“We’re confident that Samsung Pay is safe and secure. Each transaction uses a digital token to replace a card number. The encrypted token combined with certificate information can only be used once to make a payment. Merchants and retailers can’t see or store the actual card data,” they concluded.

Samsung Pay was introduced in the US last week.

But various security experts have expressed their doubt that the company has managed to effectively perform the entire investigation in such a short time, and believe that some things are yet to be revealed.

The alleged attackers are known for managing to keep a secret backdoor in the targeted systems even after defenders are convinced that they have booted them out. They also had plenty of time to do whatever they wanted in LoopPay’s systems, as the attack dates back to March, and possibly even earlier.

Hold Security CEO Alex Holden told Stephen Lawson that it’s likely that the Codoso hackers will target the firm again, maybe by probing different parts of the company’s infrastructure.

“Time and again, we see attackers able to lurk undetected in organizations’ networks for several months. Today’s news reinforces the need to utilize data science and machine learning for automated analysis and fast access to forensic data to detect these low and slow breaches,” commented Haiyan Song, SVP of Security Markets, Splunk.

“Our best defense and means for minimizing impact on business is differentiating between normal and abnormal activities. When companies analyze user behavior and know normal activity patterns, they can quickly spot the potentially threatening behavior and ultimately contain the impact of a breach.”
