Company News • 08.04.2014

Mobile Point of Sale devices could leave millions worldwide open to attack

Mobile Point of Sale (MPOS) devices can be easily hacked, leaving banks, retailers and millions of customers exposed to serious fraud around the world, global information security firm MWR InfoSecurity has revealed at the SyScan security conference in Singapore today.

Security researchers from MWR Labs, the research arm of the company, who in 2012 revealed critical vulnerabilities in Chip-and-Pin devices, demonstrated at the conference that it is possible to compromise MPOS terminals with multiple attack techniques using micro USB, Bluetooth and a malicious programmable smart card.

Jon, Head of research at MWR InfoSecurity, said: “What we have found reveals that criminals can compromise the MPOS payment terminal and get full control over it. This would allow an attacker to gather PIN and credit card data, and even change the software on the device so that it accepts illegitimate payments.”

He added: “This shows that card holders paying at MPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud.”

MWR’s researchers demonstrated how an attacker could gain control over the MPOS terminal. This allowed them to display ‘try again’ messages, switch the device into insecure mode, capture the PIN code when entered and even enable it to accept stolen credit cards. They were even able to use the device to play a simplified version of the popular game Flappy Bird.

Nils, a security researcher at MWR, said: “MPOS is a promising technology with a growing market uptake, well suited for use in modern payment systems, but current implementations are not well designed from a security perspective. It is critical to get security right early as there is a huge potential for fraud around the world.”

He added: "Lessons that have been learned from desktop computers and servers are yet to be applied to embedded systems."

The team discovered the issues as part of its ongoing research programme into secure payment technologies. Companies use MWR to understand how they may be vulnerable to fraud and attack by criminals using advanced and sophisticated attacks.

The company has notified the vendors involved and has assisted with the relevant information needed to address the identified issues. They are unable to provide any specific details on the vulnerabilities found as the devices concerned are currently being used at thousands of retail outlets in the UK and around the world.

Source: MWR InfoSecurity
