Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account information when they have physical access to the user’s mobile phone. In these versions, UPI payment allows an X.509 certificate based on the Mozilla Secure Open Network (SON) protocol to be used for authentication, and physical attackers can use such a certificate to access account information without authentication.

Impact of the issue

Physical attackers can gain access to account information when they have physical access to the user’s mobile phone. An X.509 certificate based on the Mozilla Secure Open Network (SON) protocol can be used by physical attackers to access account information without authentication.

B: Walkthrough for the Issue

As a result, physical attackers can target users without authorization. This vulnerability exposes users to data theft and financial loss, because they would not be able to know whether their account information has been stolen.

Authentication bypass vulnerability


Description of the issue

Samsung Pass users are vulnerable to having their account information accessed by an attacker who has physical access to their mobile phone.

Physical attackers can use this issue to access account information without authentication.

How Did We Find Out?

Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account information when they have physical access to the user’s mobile phone.


Timeline

Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/21/2022 20:25:00 UTC
