SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
9 Oct 2015

Hackers may have stolen the technology behind Samsung Pay

Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.

As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million.

LoopPay executives said the Codoso hackers appeared to have been after the company’s technology, known as magnetic secure transmission, or MST, which is a key part of the Samsung Pay mobile payment wallet that made its public debut in the United States last week. Like similar mobile payment systems from Apple and Google, Samsung Pay allows consumers to pay for goods using their Samsung smartphones with so-called near-field communications technology, which uses a wireless signal to send payment information from a phone to newer cash registers. But LoopPay’s MST technology has an advantage: It also works with older payment systems by emulating a commonly used magnetic stripe card.

The attackers are believed to have broken into LoopPay’s corporate network, but not the production system that helps manage payments, said Will Graylin, LoopPay’s chief executive and co-general manager of Samsung Pay. Mr. Graylin said that security experts were still looking through LoopPay’s systems, but that there had been no indication that the hackers infiltrated Samsung’s systems or that consumer data had been exposed.

LoopPay did not learn of the breach until late August, when an organization came across LoopPay’s data while tracking the Codoso Group in a separate investigation. Both LoopPay and Samsung executives said they were confident that they had removed infected machines, and that customer payment information and personal devices were not affected. They added that there was no need to delay the introduction of Samsung Pay, which had its debut in the United States last week after executing more than $30 million worth of purchases in South Korea.

“Samsung Pay was not impacted and at no point was any personal payment information at risk,” Darlene Cedres, Samsung’s chief privacy officer, said in a statement. “This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay.” But two people briefed on the investigation, as well as security experts who have been tracking the Codoso hackers as they have targeted hundreds of victims around the world, said it would be premature to say what the hackers did and did not accomplish since they were discovered in August.

To start, the hackers were inside LoopPay’s network for five months before they were discovered. And the Codoso Group is known for maintaining a hidden foothold in its victims’ systems. Security experts say the group’s modus operandi is to plant hidden back doors across victims’ systems so that they continue to infiltrate their networks long after the initial breach. In a multistage Codoso attack of Forbes in February, for example, the group infected the website of Forbes.com with malicious code that infected the site’s visitors. But that was just the start. From there, other members of the group used that foothold in visitors’ machines to search for valuable targets in the defense sector.

After a similar attack by another Chinese state-affiliated hacking group on the U.S. Chamber of Commerce in 2011, the chamber believed it had rid hackers from its network only to discover months later that an office printer and even a thermometer in one of its corporate apartments were still sending information back to computers in China.

Samsung introduced Samsung Pay in the United States just 38 days after LoopPay learned it had been breached. On average, it takes 46 days before an attack by hackers can be fully resolved, according to the Ponemon Institute, a nonprofit that tracks breaches. But the time to fix the damage is typically much longer in cases of sophisticated Chinese hackings like the one at LoopPay.

“Once Codoso compromises their targets — which range from dissidents to C-level executives in the U.S. — they tend to stay there for quite a long time, building out their access points so they can easily get back in,” said John Hultquist, the head of intelligence on cyberespionage at iSight Partners, a security firm. “They’ll come back to a previous organization of interest again and again.”

LoopPay hired two private forensics teams to investigate the breach on Aug. 21, just a month before it was set to bring Samsung Pay to the United States, according to Mr. Graylin. Both are still working the case. But the investigation has been unusual from the start. LoopPay told the teams to look at different portions of its network. One of the firms, Sotoria, which is based in Charleston, S.C., was given a backup of LoopPay’s data and asked to leave the company’s headquarters after just three days.

Mr. Graylin said that was because the team was looking at LoopPay systems that he said fell outside the scope of the initial contract, in what Mr. Graylin described as an attempt to extract more fees. Even so, he said, LoopPay was still working with the company to resolve the breach. Sotoria executives said they could not comment on the investigation. Mr. Graylin would not name the second computer forensics firm looking into the attack.

LoopPay has not notified law enforcement about the security breach, Mr. Graylin said, because his firm believed no customer data or financial information had been stolen. He also played down concerns that hackers might try to use the information they stole about his company’s technology in order to infiltrate Samsung Pay or create a copycat product. He said if such a thing emerged, LoopPay could file a patent lawsuit. What’s more, he said, it would be viable only if major banks, credit card companies and carriers were willing to team up with the copycat.

News of the breach at LoopPay comes at a particularly inopportune time for Samsung, which is locked in a bitter war for smartphone supremacy against Apple and its immensely popular iPhone, as well as a newer crop of less expensive devices from manufacturers like China’s Xiaomi.

Tags: information leaks, hackers, China, Samsung Pay
Source: The New York Times