flaws and issues samsung pay: tokenized numbers,samsung pay: tokenized numbers, flaws and issues...
TRANSCRIPT
Samsung Pay:Tokenized Numbers,
Flaws and Issues
Salvador MendozaTwitter: @Netxing
Blog: salmg.net
@Netxing
Who am I?
● Security researcher
● From California, USA
● Mexican(Bad hombre)
Terminology
● NFC: Near Field Communication
● MST: Magnetic Secure Transmission
● VTS: Visa Token Service
● Tokenized Numbers: Surrogated value = Token
● Token: A voucher
● TSP: Token Service Provider
● PAN: Primary Account Number
@Netxing
What is Samsung Pay?
● New app for digital payments
● Similar to Apple Pay or Android Pay
● Big difference: MST protocol
@Netxing
What is MST?● It is a magnetic field
● The terminal interprets the electromagnetic waves like a swiping of a physical card
● Without security or encryption because it is a transmission of one way @Netxing
Analyzing Tokenized Numbers (Token)
%4012300001234567^21041010647020079616?;4012300001234567^21041010647020079616?~4012300001234567^21041010647020079616?
% = Start sentinel for first track^ = Separator? = End sentinel for every track; = Start sentinel for second track~ = Start sentinel for third track
A tokenized number follows exactly the same format of American Banking Association (ABA/IATA); emulating perfectly a physical swiping card.
@Netxing
http://www.samsung.com/hk_en/business-images/insights/2015/Samsung_Pay_Will_Transform_the_Mobile_Wallet_Experience-0.pdf
Analyzing a Track
Second track = ;4012300001234567^21041010647020079616?
2104-101-0647020079616
21/04 101 064702-0079-616
Token’s heart.New expiration date.
Service code: 1: Available for international interchange.0: Transactions are authorized following the normal rules.1: No restrictions.
064702: It handles transaction’s range/CVV role.0079: Transaction’s id, increase +1 in each transaction.616: Random numbers, to fill ABA format, generated from a cryptogram/array method.
The last 20 digits are the token’s heart: 21041010647020079616
@Netxing
Offline/online mode
Without internet; did not change the middle counter%4012300001234567^2104101082000(constant)0216242? %4012300001234567^21041010820000217826?%4012300001234567^21041010820000218380?[…]With internet, the middle counter increased +1:%4012300001234567^21041010820000233969? %4012300001234567^21041010820000234196?%4012300001234567^21041010820010235585? ← +1
@Netxing
Offline mode
@Netxing
Token Phases
●Active: Normal status after generated.●Pending: Waiting for TSP’s response.●Disposed: Destroyed token.●Enrolled: Registered token.●Expired: Became invalid after period of time.●Suspended_provision: Valid PAN, requesting more info.●Suspended: VST will decline the transaction with a suspended token.
@Netxing
Updating Token Status
//SAMPLE REQUEST URLhttps://sandbox.api.visa.com/vts/provisionedTokens/{vProvisionedTokenID}/suspend?apikey={apikey}// Headercontent-type: application/jsonx-pay-token: {generated from request data}// Body{ "updateReason": { "reasonCode": "CUSTOMER_CONFIRMED", "reasonDesc": "Customer called" }}// SAMPLE RESPONSE// Body{}
Source: Visa Developer Center
@Netxing
Files StructureDatabases > 20 Directories/files
vasdata.db, suggestions.db, mc_enc.db /system/csc/sales_code.dat, SPayLogs/
spay.db, spayEuFw.db, PlccCardData_enc.db B1.dat, B2.dat, pf.log, /dev/mst_ctrl
membership.db, image_disk_cache.db, loyaltyData.db
/efs/prov_data/plcc_pay/plcc_pay_enc.dat
transit.db, GiftCardData.db, personalcard.db /efs/prov_data/plcc_pay/plcc_pay_sign.dat
CERT.db, MyAddressInfoDB.db, serverCertData.db /sdcard/dstk/conf/rootcaoper.der
gtm_urls.db, statistics.db, mc_enc.db /efs/pfw_data, /efs/prov_data/pfw_data
spayfw_enc.db, collector_enc.db, cbp_jan_enc.db /sys/class/mstldo/mst_drv/transmit… many more
@Netxing
cbp_jan_enc.dbCREATE TABLE tbl_enhanced_token_info (_id INTEGER PRIMARY KEY AUTOINCREMENT, vPanEnrollmentID TEXT, vProvisionedTokenID TEXT, token_requester_id TEXT, encryption_metadata TEXT, tokenStatus TEXT, payment_instrument_last4 TEXT, payment_instrument_expiration_month TEXT, payment_instrument_expiration_year TEXT, token_expirationDate_month TEXT, token_expirationDate_year TEXT, appPrgrmID TEXT, static_params ...
https://sandbox.api.visa.com/vts/provisionedTokens/{vProvisionedTokenID}/suspend?apikey={apikey}
@Netxing
Flaws and Issues
● paramString = LFWrapper.encrypt("OverseaMstSeq", paramString);● bool1 = b.edit().putString(paramString,
LFWrapper.encrypt("PropertyUtil", null)).commit();● String str = LFWrapper.encrypt("tui_lfw_seed",
Integer.toString(paramInt)); @Netxing
Encrypt/Decrypt Functions
@Netxing
Flaws and Issues
● Token expiration date is in blank.● ivdRetryExpiryTime implements timestamp format.
● If Samsung Pay generated a token, but it is not used to make a purchase, that token is still active/alive.
@Netxing
Flaws and Issues
Adding/deleting the same card.
● %4059557240050212^22111014803010255698?Deleted
● %4059557240056045^22111014804000001352?Deleted
● %4059557240056052^22111014804000001457?● %4059557240056052^22111014848010007855?
Deleted● %4059557240056557^22111014902000001888?● %4059557240056557^22111014902000002230?
@Netxing
Attacks
Dangerous scenarios:
● Social engineering
● Jamming MST signal
● International Tokens
● Attack in Real-Time (MagSpoofPI)
● Attacking the NFC Protocol
● Guessing the next token? @Netxing
Social Engineering(TokenGet)
@Netxing
Social Engineering(TokenGet)
@Netxing
Social Engineering(TokenGet)
https://www.youtube.com/watch?v=QMR2JiH_ymU
TokenGet:● Raspberry Pi Zero● Lipo 3.7 V● PowerBoost 1000● Credit Card reader one head● USB adapters● USB WIFI dongle ● Mini OTG USB● Cell phone armband
@Netxing
@Netxing
MagSpoof + CC Reader + Raspberry Pi = JamSpay
++
JamSpay
● Pin 7(GPIO04) connected to a 10K resistor. The other resistor’s end to GND.
● Raspberry Pi GND to Attiny’ GND and Raspberry DC power 3.3 to Attiny’s
@Netxing
JamSpay
https://www.youtube.com/watch?v=ytV7xNJP1o8
● Raspberry Pi Zero● Lipo 5 V● Credit Card reader one head● MagSpoof● USB adapters● USB WIFI dongle ● Mini OTG USB● Mini-box
@Netxing
International Samsung Pay Tokens
https://www.youtube.com/watch?v=EphR18sSjgA
Thanks @Sabasacustico
@Netxing
Attack in Real-time
https://www.youtube.com/watch?v=zuDdb3XSupE
MagSpoof + Raspberry Pi = MagSpoofPI● Raspberry Pi 3 ● Lipo 3.7 V● PowerBoost 1000● USB cable● MagSpoof
Details about this project: https://salmg.net/2016/08/27/magspoofpi/
@Netxing
Attacking NFC Protocol
@Netxing
How Samsung Pay implements two different tokens per transaction?
@Netxing
Two tokens for one transaction
MST:%4012300001234567^21041010820000216242?[…]
NFC:%4012300001234567^21042010820000217969?[...]
@Netxing
Secure Element at NFC
@Netxing
Analyzing the NFC tags
ATS:...77 66 9F 26 08 35 56 96 3E DB 9E D7 8A 94 04 08 03 03 00 82 02 00 40 9F 36 02 00 50 9F 6C 02 01 80 9F 6E 04 23 8C 00 00 9F 10 20 1F 43 01 00 20 00 00 00 00 00 00 00 00 06 68 17 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 13 XX XX D2 21 12 01 68 17 01 00 80 44 3F 5F 34 01 00 9F 27 01 80 90 0080 CA 9F 17 0069 8580 CA 9F 36 0069 85... @Netxing
Attacking Samsung Pay NFC - PoC
https://www.youtube.com/watch?v=cD97Bey_2yA
@Netxing
Guessing a Token?
@Netxing
How did Samsung Pay fix everything?
@Netxing
Other Researchers
https://www.youtube.com/channel/UC-Z9ZK4Pv5YNObhP53eCz1g
@Netxing
Beta Project: SamyKam
https://www.youtube.com/watch?v=zp8G1WKreXA
Services:● Web server ● Bluetooth service● OLED/Rotary Encoder● MagSpoofPI
Library(avr-gcc code integration)
More details: salmg.net
@Netxing
Take-Away
● Samsung Pay has some levels of security, but it is a fact that could be a target for malicious attacks.
● Samsung Pay has some limitations in the tokenization process which could affect customers’ security.
● Finally, tokens generated by Samsung Pay could be used in another hardware.
@Netxing
Greetz, Hugs & Stuff
Samy Kamkar (@samykamkar)Andres Sabas (@Sabasacustico)Pedro Joaquin (@_hkm)Luis Colunga (@sinnet3000)RMHT (raza-mexicana.org)Los RazosGDG modesto group
