Researchers Warn of Security Vulnerabilities in Widely Used Point-of-Sale Terminals

Security vulnerabilities in point-of-sale (PoS) terminals produced by two of the biggest manufacturers of these devices in the world could have allowed cyber criminals to steal credit card details, clone terminals and commit other forms of financial fraud at the expense of both buyers and retailers.


The vulnerabilities in Verifone and Ingenico products, which are used in millions of stores around the world, were detailed by independent researcher Aleksei Stennikov and Timur Yunusov, head of offensive security research at Cyber R&D Lab, during a presentation at Black Hat Europe 2020.


After being disclosed to the vendors, the vulnerabilities can now be fixed by applying security patches, although it is not at all certain whether retailers and others involved in the distribution and use of the PoS terminals have applied the updates.


One of the key vulnerabilities in both brands of device is the use of default passwords, which could provide attackers with access to a service menu and the ability to manipulate or change the code on the machines in order to run malicious commands.


Researchers say these security issues have existed for at least 10 years, while some have existed in one form or another for up to 20 years, although the latter are mostly in legacy elements of the device which are no longer used.


Attackers could gain access to the devices to manipulate them in one of two ways. Either they're able to physically gain access to the PoS terminal, or they ..
