Square, PayPal POS Hardware Open to Multiple Attack Vectors

guest · Oct 30, 2018

Square, PayPal POS Hardware Open to Multiple Attack Vectors
Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft
October 30, 2018
https://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-vectors/138681/

The report, from Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, and Timur Yunusov, head of banking systems security at Positive, analyzed seven card readers and four popular vendors (SumUp, iZettle, PayPal and Square) across the U.S. and Europe.

“Hardware security mechanisms are generally sophisticated in these products, but many other aspects of the payment ecosystem are far less secure, such as the mobile ecosystem and enrollment processes,” Galloway said, in a blog posted Monday on the findings.

In all, there were a number of disturbing attack vectors uncovered: For instance, two of the terminals (which were not specified) were found to have displays that an attacker could send and arbitrary command to and manipulate an on screen message.
[...]
And finally, two terminals were also found to be vulnerable to remote code-execution, giving cyberattackers full access to the terminals’ operating systems and the “Track 2” payment card data that they process, which includes account numbers and expiration dates.
Click to expand...

Log in or Sign up

Square, PayPal POS Hardware Open to Multiple Attack Vectors

guest Guest

Log in or Sign up

Square, PayPal POS Hardware Open to Multiple Attack Vectors

guest Guest

Useful Searches