Company News • 08.04.2014

Mobile Point of Sale devices could leave millions worldwide open to attack

Mobile Point of Sale (MPOS) devices can be easily hacked, leaving banks, retailers and millions of customers exposed to serious fraud around the world, global information security firm MWR InfoSecurity has revealed at the SyScan security conference in Singapore today.

Security researchers from MWR Labs, the research arm of the company, who in 2012 revealed critical vulnerabilities in Chip-and-Pin devices, demonstrated at the conference that it is possible to compromise MPOS terminals with multiple attacking techniques using micro USBs, Bluetooth and a malicious programmable smart card.

Jon, Head of research at MWR InfoSecurity, said: “What we have found reveals that criminals can compromise the MPOS payment terminal and get full control over it. This would allow an attacker to gather PIN and credit card data, and event change the software on the device so that it accepts illegitimate payments.”

He added: “This shows that card holders paying at MPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud.”

MWR’s researchers demonstrated how an attacker could gain control over the MPOS terminal. This allowed them to display ‘try again’ messages, switch the device into insecure mode, capture the PIN code when entered and even enable it to accept stolen credit cards. They were even able to use the device to play a simplified version of the popular game Flappy Bird.

Nils, a security researcher at MWR, said: “MPOS is a promising technology with a growing market uptake, well suited for use in modern payment systems, but current implementations are not well designed from a security perspective. It is critical to get security right early as there is a huge potential for fraud around the world.”

He added: "Lessons that have been learned from desktop computers and servers are yet to be applied to embedded systems."

The team discovered the issues as part of its ongoing research programme into secure payment technologies. Companies use MWR to understand how they may be vulnerable to fraud and attack by criminals using advance and sophisticated attacks.

The company has notified the vendors involved and has assisted with the relevant information needed to address the identified issues. They are unable to provide any specific details on the vulnerabilities found as the devices concerned are currently being used at thousands of retail outlets in the UK and around the world.

Source: MWR InfoSecurity

related articles:

popular articles:

Thumbnail-Photo: Nedap teams with Foot Locker to extend RFID project...
05.10.2023   #omnichannel #software applications

Nedap teams with Foot Locker to extend RFID project

Foot Locker successfully matches supply and demand in newly opened stores in Eastern Europe using RFID technology

Nedap the global leader in RFID solutions, announces that multi-brand sports fashion and apparel retailer Foot Locker has successfully extended Nedap iD Cloud to its new, Eastern European stores. The objective is to offer the best possible ...

Thumbnail-Photo: The global state of autonomous stores
18.12.2023   #Tech in Retail #self-checkout systems

The global state of autonomous stores

The stores are located in various retail segments such as food retail, fashion, electronics, convenience stores and fast food.

In a highly competitive global retail landscape, autonomous stores are an emerging force that addresses changing consumer behaviors, reduces operational costs, improves profitability, and powers revenue growth strategies. Advancements in autonomous ...

Thumbnail-Photo: Toshiba Launches New ELERA™ Security Suite to Address the Industry’s...
22.09.2023   #cashpoints #customer experience

Toshiba Launches New ELERA™ Security Suite to Address the Industry’s Challenges Around Shrink

Toshiba’s A.I.-powered solution empowers retailers across the globe to better manage loss prevention and protect profits

Security Suite from Toshiba Global Commerce Solutions empowers retailers to minimize shrink...

Thumbnail-Photo: MPREIS Transforms Operations with Zebra Workcloud Task Management™...
06.11.2023   #customer experience #software developement

MPREIS Transforms Operations with Zebra Workcloud Task Management™ Software Solution

Austrian food retailer to streamline communication in around 300 stores to improve staff engagement, inventory optimisation, and customer satisfaction

MPREIS has around 300 Austrian stores in regions across Tyrol...

Thumbnail-Photo: EuroCIS 2024 - technology special
11.12.2023   #online trading #e-commerce

EuroCIS 2024 - technology special

The latest technology solutions and trends for you and the retail sector

At EuroCIS 2022 from February 27 to 29, 2024, the Leading Trade Fair for Retail Technology, we will be looking at all the important and current topics relating to technology in retail: AI and Machine Learning, Payment, Connected Retail, Seamless Store and Smart Energy Management and many more.

Thumbnail-Photo: Out of Stock in Retail and innovative solutions to avoid them...
07.11.2023   #brick and mortar retail #customer satisfaction

Out of Stock in Retail and innovative solutions to avoid them

Due to various events, the availability of goods in retail will be increasingly restricted from 2022, with the result that customers cannot find in food retail the products they wish to buy, because those products are sold out, are temporarily ...

Thumbnail-Photo: Unified Commerce Platform in focus
24.10.2023   #omnichannel #software developement

Unified Commerce Platform in focus

Handover at REMIRA: Dirk Bingler supersedes Stephan Unser as CEO

REMIRA is setting the course for future development of the company: On November 1, Dirk Bingler (48) will become the new CEO of the supply chain and omnichannel software expert headquartered in Dortmund. The previous CEO Stephan Unser (62) moves to ...

Thumbnail-Photo: EuroCIS 2024: Go beyond today!
16.10.2023   #retail #Tech in Retail

EuroCIS 2024: Go beyond today!

27 to 29 February 2024 will see the Who’s Who of Europe’s retail technology sector meet in Düsseldorf

Go beyond today! EuroCIS at the end of February will once again show solutions and products for the retail of the future @Messe DüsseldorfIn late February, numerous companies will again exhibit solutions and products for retailers to shape and ...

Thumbnail-Photo: New German vending partner for ITL
30.11.2023   #Tech in Retail #cash management

New German vending partner for ITL

Innovative Technology (ITL) have recently announced Bernd Boddart as their latest trading partner

Bernd Boddart will be supplying their cash validation and biometric age verification solutions to the German vending market. Bernd Boddart, based in Mönchengladbach, Germany, have 30 years of experience in the field of coffee machines, table ...

Supplier

REMIRA Group GmbH
REMIRA Group GmbH
Phoenixplatz 2
44263 Dortmund
Captana GmbH
Captana GmbH
Bundesstraße 16
77955 Ettenheim
Innovative Technology Ltd.
Innovative Technology Ltd.
Innovative Business Park
OL1 4EQ Oldham
Zebra Technologies Germany GmbH
Zebra Technologies Germany GmbH
Ernst-Dietrich-Platz 2
40882 Ratingen