15th December 2020, 10:01 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 153,575
Point of Sale terminals insecure for at least a decade

PoS security

Two of the biggest manufacturers of PoS devices made products which could have allowed cyber criminals to steal credit card details, clone terminals and commit other forms of financial fraud at the cost of both buyers and retailers.

The vulnerabilities in Verifone and Ingenico products – which are used in millions of stores around the world – have been detailed by independent researcher Aleksei Stennikov and Timur Yunusov, head of offensive security research at Cyber R&D Lab, during a presentation at Black Hat Europe 2020.

The vulnerabilities can now be fixed by applying security patches – although it can't be certain at all if retailers and others involved in the distribution and use of the PoS terminals have applied the updates.

One of the key vulnerabilities in both brands of device is the use of default passwords that could provide attackers with access to a service menu and the ability to manipulate or change the code on the machines in order to run malicious commands.

Researchers say these security issues have existed for at least 10 years while some have even existed in one form or another for up to 20 years – although the latter are mostly in legacy elements of the device that are no longer used.

Tim Callan, Chief Compliance Officer at Sectigo, said: “The bottom line is that usernames and passwords are not a safe method for authentication, whether for PoS terminals or social media accounts. Consumers and enterprises still struggle to change their reliance on the password model. This latest vulnerability underlines just how flawed the model is, as one insecure device protected by a default password on a connected network makes every connected device vulnerable. That is why many device manufacturers are moving to stronger authentication models like PKI.”

https://fudzilla.com/news/52045-poin...least-a-decade