Samsung Pay wasn’t breached in state-sponsored LoopPay hack, executives say

samsung pay first us birthday mobile payment
LoopPay — the Massachusetts-based company that Samsung acquired in February and the developer behind one of Samsung Pay’s core technologies — stores a lot of valuable data behind its virtual walls. Data so valuable, in fact, that the company’s servers were recently the target of state-sponsored hackers. The New York Times reports that as early as March, a team of government-affiliated Chinese hackers known as the Codoso Group managed to infiltrate LoopPay’s corporate network.

The apparent target of the breach was LoopPay’s technology. Unlike Apple Pay and Android Pay, LoopPay uses magnetic secure transmission (MST), a radio-based mechanism that wirelessly emulates a credit card swipe. While most tap-and-pay mobile wallets require a point-of-sale system with near-field communication (NFC) capabilities, Samsung says MST works with with “90 percent” of legacy terminals in use by U.S. retailers.

“Samsung Pay was not impacted and at no point was any personal payment information at risk.”

LoopPay, which became aware of the breach in late August, told the New York Times an ongoing investigation had found no evidence that the hackers accessed sensitive customer data. Will Graylin, LoopPay chief and co-general manager of Samsung Pay, told the Times that the group wasn’t able to breach the system that stores payment information. Samsung executives echoed those assurances.

“Samsung Pay was not impacted and at no point was any personal payment information at risk,” said Samsung’s chief privacy officer Darlene Cedres in a statement. “This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay.” Samsung also said the breach won’t impact the U.S. rollout of Samsung Pay, which began a little over a month ago.

Some security analysts believe the extent of the damage may take weeks to uncover. The Codoso Group had access to LoopPay’s corporate servers for five months before a third-party company stumbled upon signs of the breach. And in an attack on Forbes perpetrated by the Codoso Group last November, later forensics revealed the presence of resilient backdoors to the news organization’s infrastructure.

LoopPay has hired two private security teams to investigate the breach. The company hasn’t notified law enforcement because it believes “no customer data or financial information had been stolen,” the Times reports.

The hack is the latest in a series of Chinese attacks on high-profile U.S. targets. A breach of the U.S. Office of Personnel Management’s (OPM) network in June affected four million state employee records, and in 2011, a Chinese state-affiliated group managed to breach the U.S. Chamber of Commerce.


Security vulnerabilities found in three quarters of mobile apps

Three quarters of Android and iOS apps have security vulnerabilities related to insecure data storage. This could lead to information like passwords, financial details, personal data, and communications being accessible by hackers.

NASA hacked: 500 MB of mission data stolen through a Raspberry Pi computer

NASA's Jet Propulsion Laboratory was hacked last year by an attacker who used a Raspberry Pi computer. The hacker took advantage of the network's weaknesses to steal 500 MB of data, while remaining undetected for 10 months.

What is Libra? Here’s what you need to know about Facebook’s new cryptocurrency

Facebook released a white paper announcing its new cryptocurrency, Libra, which it intends as a way to enable more people around the world to process online payments. Here's how the new blockchain technology works.

Your smartphone knows all your secrets. Put it on lockdown with these tips

Having your smartphone hacked can feel like someone robbed your house. It's a massive invasion of privacy and a violation of your personal space. We've put together a checklist of precautions that will help you avoid this terrible fate.

Samsung Galaxy Note 10 Tesla Special Edition turns out to be a beautiful dream

The Samsung Galaxy Note 10 may not be far away now, but there are still surprises in store. One that will not happen is a team-up with Tesla. A post on Weibo referenced what turns out to be an imaginative high-concept render by a YouTuber.

What is Apple CarPlay? Here's all you need to know about iOS in your dashboard

CarPlay is one of two major infotainment systems currently vying for your car's dash. Here's everything you need to know about the system, including its feature set and host of third-party apps.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Illuminated keyboards and a retro gaming console

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!

Crowdsourced interactive mapping app Waze gives you the lowdown on traffic

Waze is a free, ad-supported interactive navigation app with benefits. It calculates routes using social media crowdsourcing to alert you to current traffic conditions. Wazers act as the road's eyes and ears to alert other travelers.

FedEx mistakenly rejects shipment of a Huawei phone to the U.S.

There has been confusion about what exactly the placement of Huawei on the U.S. Entity List means for private customers. Recently a tech writer who tried to ship a Huawei phone to the U.S. was surprised when the phone was returned to him.

From true crime to comedy, here's our list of the best podcasts around

When you aren’t in the music mood, podcasts can be your ear candy. Whether you love to stay up-to-date on the latest news or want to know what’s happening in sports, you’ll find something on our must-listen-to podcast roundup.
Movies & TV

Netflix hack day project adds phone vibrations to every on-screen explosion

One of the highlights of the most recent Netflix hack day is Project Rumble Pak, which adds vibrations to the streaming service's smartphone app. The project seeks to improve the viewing experience by synchronizing haptics to content.

A library at your fingertips: The best free Kindle books

Reading shouldn't be an expensive hobby. Here, we've put together a list of some of the better free offerings currently available for Kindle devices, so you don't have to sort through thousands of titles on Amazon and Google Play.

Amazon Prime Day 2019: Start date, predictions, and the best deals so far

Amazon Prime Day 2019 isn't here yet, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.

The stand-alone Palm is available for purchase and still costs $350

A reboot of the classic Palm is finally here and it's tiny. It syncs to your phone and acts as a secondary device -- with a feature to help you disconnect from technology. The Palm will be available exclusively through Verizon for $350.