Share the post "Hackers Smarter Than Smart Credit Card Terminals"
Felling secure with a smart credit card? Halt for a moment. Experts say chip-enabled “smart” credit cards are no good if the shop’s point-of-sale devices are dumb.
Two security researchers in Las Vegas has shown how easily criminals could take control of a shop owner’s credit card terminals, even if the shop uses the latest chip-and-PIN machines.
The terminals are supposed to be safe, because they encrypt your PIN as you type it and don’t store your credit card’s data. But MWR Labs researchers found that a hacker could easily tell the machines to do the opposite.
MWR, which works closely with the financial industry and governments, has yet to observe this tactic used by criminals.
Hacking is done by inserting a smart card with malware into the machine. It’s pretty easy because the terminals operate on a false sense of trust. They think whatever cards passed through them are authentic bank cards.
All day long, the machine gathers the information. At day’s end, the hacker returns with another card, which sucks all that data out of the machine. The store clerk wouldn’t even notice.
Hacking the terminals is virtually undetectable. Turning the machine off erases all evidence that the hack ever even happened.
The researchers found the weakness in Miura Shuttle handheld point-of-sale terminals, a popular hardware supplier that is sold by vendors under many other brand names.
Researchers said the vendors were cooperative in working to fix the issue. Still, it’s up to merchants to update their systems, which in reality, they rarely do.