If a payment terminal could be forced into servitude as a crude handheld gaming device, what else could it be made to do? Researchers at the Black Hat conference showed just what mischief a commonly used UK PoS terminal could get up to when they inserted a chip-and-pin card crafted with malicious code. That enabled them to install a racing game and play it, using the machine's pin pad and screen. With the same hack, they were able to install a far less whimsical program as well -- a Trojan that could record card numbers and PINs, which could be extracted later by inserting another rogue card. On top of that, criminals could use the same method to fool the terminal into thinking a transaction was bank-approved, allowing them to walk out of a store with goods they hadn't paid for. Finally, the security gurus took a device popular in the US, and used non-encrypted ethernet communication between the terminal and other peripherals to hack into the payment device and take root control. Makes you want to put those credit cards (and NFC devices) away and stick to cash -- at least you can see who's robbing you blind.
[Original image credit: Shutterstock]
Filed under: Misc. Gadgets
Security experts hack payment terminals to steal credit card info, play games originally appeared on Engadget on Fri, 27 Jul 2012 06:41:00 EDT. Please see our terms for use of feeds.
Permalink |
PC World |
Email this |
Comments
We are essentially a cashless society. With the rise of debit cards in the late 1980s early '90s, fewer and fewer of us use paper money to pay for things. Throw in online shopping and single-retailer payment apps like the one from Starbucks, and ATMs...
Square Cash is continuing its crusade to make the business of parting with your hard-earned money a little less painful. It's just announced that it's cut down EMV transaction time on Square Reader for contactless and chip even further, to just two s...
One of Europe's largest electrical retailers has been the subject of a cyber attack that's compromised more than 5.9 million card records. Dixons Carphone, the owner of Currys PC World and Dixons Travel stores, says that most of these cards have chip...
Chip and PIN cards and readers are finally rolling out in the United States. Unlike traditional magnetic cards that use static information to make a transaction, pieces of plastic, based on a standard by Europay, MasterCard and Visa, create a new key...
If your wallet is bursting at the seams with credit, gift and loyalty plastic, the Coin universal card is supposed to lighten the load. Just add all your information to the app, sync it with Coin and get ready to buy all the things with a swipe or an...
We've known about Square's new NFC-friendly reader for a while, and now the point-of-sale gadget is available for use. Starting today, 100 merchants in "select cities" (quite a few, actually) will begin accepting NFC-driven payments like Apple Pay, A...
