CUHK study: Major security loopholes found in e-wallets

A CUHK research team discovered major security gaps in popular mobile payment systems.

As Hong Kong inches slowly towards a cashless society with the introduction of mobile payment systems such as Alipay, Apple Pay, Samsung Pay and the like, researchers recently warned of major security loopholes that could allow attackers to steal payment tokens while transactions are in progress.

The System Security Lab at the Department of Information Engineering of the Chinese University of Hong Kong (CUHK) shared two weeks ago the findings of a two-year study by a research team led by CUHK assistant professor Kehuan Zhang, with collaborators from Tsinghua University in China and Indiana University Bloomington in the US. The results were also presented at USENIX Security '17, a prestigious annual academic conference on internet security held last August in Vancouver.

Graph 1: Mobile Payment Workflow

“Security measures have been put in place to protect the mobile payment processes. The hash function mixes all the information together so that even if you get the token it is impossible to inversely infer the user ID and the secret as well as the time generated, which puts a time limit on the payment window,” Zhang said.

“Also, the transmission of the token is designed to be distance bounded, making it hard to sniff the token from afar. However, the experiment we have conducted showed that these deterrents only work on passive adversaries who are just silently sniffing to get the tokens,” he added.

The measures fall flat once the team inserts “an active adversary” into the mobile payment workflow.

Setting up the scene

In 2015, the research team began with a field experiment on the security of Samsung Pay, which had then recently launched in the US. A year later, they extended the research to Alipay in China.

Currently, the four most widely adopted channels for transmitting payment tokens are Near Field Communication (NFC), Quick Response (QR) code scans, Magnetic Secure Transmission (MST) and audio signals.

For the study, Zhang said they concentrated on testing the security of QR Code, MST and audio signals. “The common denominator is that all these channels only support one-way interaction. So, if a mobile phone sends a token to a POS machine and the transaction fails, the payee’s device is unable to notify the payer and cancel or reclaim the token already issued – a loophole an active adversary can exploit.”

The team then developed an attack called STLS, or synchronized token lifting and spending. The attack acquires a live token, prevents it from being used legitimately, and then spends it somewhere else before it expires.

“What makes this incident different from simple sniffing is that the attacker can disconnect the communication between POS machine and the cloud during a mobile payment transaction. This prevents the backend server from verifying the token to validate the transaction,” Zhang said.
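The following simulation, added here as an illustration and not code from the CUHK team or from any wallet vendor, models the three elements the passage describes: a token that keyed-hashes a device identifier, a shared secret and an issue time so that it expires after a window and cannot be inverted; a POS whose inbound channel is one-way, so it cannot tell the wallet to withdraw the token when its own uplink is down; and a backend that rejects replays. The token format, the 60-second window, the device identifier and the shop names are assumptions chosen for the example. Run it and the two scenarios show why a passive sniffer is defeated while the active STLS attacker (jam the shop's uplink, spend the still-unused token elsewhere inside the window) is not.

```python
"""Toy model of a one-way-channel mobile payment and the STLS scenario.

Added example only: token format, TTL and backend logic are assumptions,
not the real Samsung Pay or Alipay protocol.
"""
import hashlib
import hmac

TOKEN_TTL = 60  # assumed validity window in seconds


def make_token(device_id: str, secret: bytes, issued_at: int) -> str:
    """Wallet side: mix device id, secret and issue time with a keyed hash.

    The MAC alone reveals neither the secret nor the time; the device id and
    timestamp ride alongside it so the backend can look up the secret and
    enforce the time window (assumed wire format: id:time:mac).
    """
    msg = f"{device_id}|{issued_at}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{device_id}:{issued_at}:{mac}"


class Backend:
    """Cloud verifier: checks the MAC, the time window and one-time use."""

    def __init__(self):
        self.secrets = {}  # device_id -> shared secret
        self.spent = {}    # token -> merchant that consumed it

    def enroll(self, device_id: str, secret: bytes) -> None:
        self.secrets[device_id] = secret

    def verify(self, token: str, merchant: str, now: int) -> str:
        try:
            device_id, issued_str, _mac = token.split(":")
            issued_at = int(issued_str)
        except ValueError:
            return "malformed"
        secret = self.secrets.get(device_id)
        if secret is None:
            return "unknown_device"
        expected = make_token(device_id, secret, issued_at)
        if not hmac.compare_digest(expected, token):
            return "bad_mac"
        if not 0 <= now - issued_at <= TOKEN_TTL:
            return "expired"
        if token in self.spent:
            return "replayed"
        self.spent[token] = merchant
        return "approved"


class POS:
    """Terminal. Wallet-to-POS is one-way: with the uplink down the POS can
    neither verify the token nor tell the wallet to withdraw it."""

    def __init__(self, name: str, backend: Backend):
        self.name, self.backend, self.link_up = name, backend, True

    def accept(self, token: str, now: int) -> str:
        if not self.link_up:
            return "no_link"
        return self.backend.verify(token, self.name, now)


SECRET = b"constructed-shared-secret"  # constructed sample secret


def _setup():
    backend = Backend()
    backend.enroll("dev-42", SECRET)
    return POS("shop", backend), POS("rogue-pos", backend)


def passive_sniffer():
    """Attacker only listens: the shop spends the token first, so the copied
    token is rejected as a replay, and after the window as expired."""
    shop, attacker = _setup()
    token = make_token("dev-42", SECRET, issued_at=1000)
    legit = shop.accept(token, now=1001)
    replay = attacker.accept(token, now=1005)
    late = attacker.accept(token, now=1000 + TOKEN_TTL + 1)
    return legit, replay, late


def stls_attack():
    """Active attacker: sniff the token, jam the shop's uplink during the
    transaction, then spend the still-unused token elsewhere in time."""
    shop, attacker = _setup()
    token = make_token("dev-42", SECRET, issued_at=1000)
    shop.link_up = False                                # jammer cuts WiFi/3G
    victim_first_try = shop.accept(token, now=1001)     # token never reaches cloud
    attacker_spend = attacker.accept(token, now=1010)   # inside window, unspent
    shop.link_up = True
    victim_retry = shop.accept(token, now=1020)         # now seen as a replay
    return victim_first_try, attacker_spend, victim_retry


if __name__ == "__main__":
    print("passive sniffer:", passive_sniffer())
    print("STLS attack:    ", stls_attack())
```

The backend's checks are exactly the deterrents Zhang lists (unforgeable token, time window, replay rejection), and they hold up in `passive_sniffer()`. In `stls_attack()` none of them is bypassed: the backend simply sees the attacker's submission first, because the legitimate POS never got the chance to present the token and had no way to tell the wallet so. The victim's own retry is then the one rejected as a replay.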

Vulnerability in the MST function

In testing the security of MST, which is used only by Samsung Pay, the CUHK researchers found that the magnetic signals can be picked up from two to three meters away, so an attacker standing in a supermarket queue could seize the opportunity to steal the token.

Graph 2: STLS attack on Samsung Pay

“The assumption is that the security risk is only three inches, but we found this assumption invalid. We have developed an antenna that can reliably sniff the token from two to three meters away. This is problematic. If it is a mobile POS that communicates to the backend server through some kind of wireless channel – such as WiFi or 3G, we can place a jammer to break that communication channel. We used a laptop to capture the token and a card replicator to make a new card using the magnetic stripe,” Zhang said.