POS Device Makers Push Patches for Vulnerabilities

POS Device Makers Push Patches for Vulnerabilities

ATM / POS Fraud , Endpoint Security , Fraud Management & Cybercrime

Researchers Found Flaws in Devices Made by Verifone, Ingenico Akshaya Asokan (asokan_akshaya) • December 15, 2020    

Point-of-sale device manufacturers Verifone and Ingenico have released fixes for flaws in some of their devices after researchers found the vulnerabilities could have enabled attackers to steal payment card data, clone cards or install malware.


See Also: The SASE Model: A New Approach to Security


Independent researcher Aleksei Stennikov and Timur Yunusov, head of offensive security research at Cyber R&D Lab, described their flaw findings in a paper presented at the recent Black Hat Europe 2020 virtual event.


To mitigate the risks posed by the flaws, the researchers urge device owners to immediately apply the patches from the vendors.


The vulnerabilities in the default password settings as well as arbitrary code execution affect the Verifone VX520 and Verifone MX series and the Ingenico Telium 2 series - all of which are in widespread use, the researchers say.


After being notified by the researchers and before the paper was published, the two vendors, along with the Payment Card Industry Security Standard Council, issued fixes for the flaws in November.


A spokesperson for Ingenico could not be r ..

Support the originator by clicking the read the rest link below.