A team of security researchers at the SyScan security conference claim that mobile point-of-sale (mPOS) devices are extremely susceptible to being hacked, which makes banks, small- and medium-sized retailers and customers who use the devices vulnerable to the loss of payment card information and fraud.
“What we have found reveals that criminals can compromise the mPOS payment terminal and get full control over it. This would allow an attacker to gather PIN and credit card data, and event change the software on the device so that it accepts illegitimate payments,” one of the researchers said of the disclosure.
“This shows that card holders paying at mPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud.”
To demonstrate how vulnerable the mPOS are, the researchers posted the following video showing them playing the game Flappy Bird on one of the hacked devices:
At the conference, the team showed how an attacker could easily gain control over a targeted device and put it into an insecure mode, then display a “try again” message to the user, then capture payment card information and PINs, or alter the device to allow it to accept fraudulent credit cards.
“mPOS is a promising technology with a growing market uptake, well suited for use in modern payment systems, but current implementations are not well designed from a security perspective. It is critical to get security right early as there is a huge potential for fraud around the world,” the team said, but that “lessons that have been learned from desktop computers and servers are yet to be applied to embedded systems.”
The team did not reveal exactly how they managed to compromise the devices, but did say they have provided the manufacturers with details of the vulnerabilities.
Read More Here…