Last updated on April 20th, 2023
Point-of-sale vulnerabilities can affect millions of terminals for merchants and customers. This threat of attack potentially places consumers at risk of data theft and credit card fraud. That is the assessment of cybersecurity experts who presented at the recent Black Hat EU security conference. Here is what you need to know:
Cybersecurity Experts Highlight Mobile Payment Threats
Speaking at the recent Black Hat Europe security conference, cybersecurity researchers Timur Yunusov and Aleksei Stennikov highlighted a growing threat from data thieves to mobile payment devices. The experts identified point-of-sale payment terminals as the biggest threat – especially those made by Verifone and Ingenico.
Older Point-of-Sale Terminals in Danger of Hacking
The main issue with point-of-sale (POS) devices is their reliance on default passwords. These passwords provide physical access to information via a “service menu.” Service menus provide basic functions that are vulnerable to malware. This weakness makes them easy targets for hackers. POS terminals encrypt credit card data. However, that encryption occurs on the same terminal that may already be compromised with malware.
According to both experts, a hacker would only need five to ten minutes alone with a POS terminal to infect it with malware – potentially harming all customers using that device. Fortunately, many of these issues no longer pose a threat and are already fixed.
Only Legacy Point-of-Sale Vulnerabilities Impacted
A Verifone spokesperson was quick to note that a security patch already exists for the issue. In addition, many of the concerns relate to legacy devices. “The security firm has validated that our latest patches and software updates, which are available to all customers, remedy these vulnerabilities. Customers are currently in different phases of implementing these patches or software updates,” the spokesperson said in a statement to Forbes.
Ingenico, for its part, also stated the vulnerabilities are known – and no fraud has occurred to date. A spokesperson told Forbes, “Different vulnerabilities impacting Ingenico POS Telium 2 terminal solutions have been identified. Proper security measures have been developed immediately to include suitable corrections after the vulnerabilities have been identified.” They continued, “Ingenico has not been made aware of any fraudulent access to payments data resulting from these vulnerabilities, already fully corrected.”