IEEE Access (Jan 2018)
Eavesdropping of Magnetic Secure Transmission Signals and Its Security Implications for a Mobile Payment Protocol
Abstract
Magnetic secure transmission (MST) is a technology that emulates the action of swiping a magstripe card in a card reader in that it artificially generates the magnetic signal produced when a card is swiped. MST provides extremely high backward compatibility, i.e., mobile payment using an MST device is possible through most conventional magstripe readers. However, MST devices transmit magnetic signals to a remote magstripe card reader. Hence, it is possible to eavesdrop on such signals. We developed a device that can remotely eavesdrop on magnetic signals emitted by MST devices. Thus, we could obtain the one-time payment token contained in such signals at a maximum distance of 2.7 m. We successfully performed a wormhole attack against Samsung Pay, a widely used MST-based mobile payment service, and we were able to execute a payment a few kilometers from where the eavesdropped one-time token was actually created.
Keywords