Company News • 08.04.2014

Mobile Point of Sale devices could leave millions worldwide open to attack

Mobile Point of Sale (MPOS) devices can be easily hacked, leaving banks, retailers and millions of customers exposed to serious fraud around the world, global information security firm MWR InfoSecurity has revealed at the SyScan security conference in Singapore today.

Security researchers from MWR Labs, the research arm of the company, who in 2012 revealed critical vulnerabilities in Chip-and-Pin devices, demonstrated at the conference that it is possible to compromise MPOS terminals with multiple attack techniques using micro USB, Bluetooth and a malicious programmable smart card.

Jon, Head of research at MWR InfoSecurity, said: “What we have found reveals that criminals can compromise the MPOS payment terminal and get full control over it. This would allow an attacker to gather PIN and credit card data, and even change the software on the device so that it accepts illegitimate payments.”

He added: “This shows that card holders paying at MPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud.”

MWR’s researchers demonstrated how an attacker could gain control over the MPOS terminal. This allowed them to display ‘try again’ messages, switch the device into insecure mode, capture the PIN code when entered and even enable it to accept stolen credit cards. They were even able to use the device to play a simplified version of the popular game Flappy Bird.

Nils, a security researcher at MWR, said: “MPOS is a promising technology with a growing market uptake, well suited for use in modern payment systems, but current implementations are not well designed from a security perspective. It is critical to get security right early as there is a huge potential for fraud around the world.”

He added: "Lessons that have been learned from desktop computers and servers are yet to be applied to embedded systems."

The team discovered the issues as part of its ongoing research programme into secure payment technologies. Companies use MWR to understand how they may be vulnerable to fraud and attack by criminals using advanced and sophisticated attacks.

The company has notified the vendors involved and has assisted with the relevant information needed to address the identified issues. They are unable to provide any specific details on the vulnerabilities found as the devices concerned are currently being used at thousands of retail outlets in the UK and around the world.

Source: MWR InfoSecurity
