Company News • 08.04.2014

Mobile Point of Sale devices could leave millions worldwide open to attack

Mobile Point of Sale (MPOS) devices can be easily hacked, leaving banks, retailers and millions of customers exposed to serious fraud around the world, global information security firm MWR InfoSecurity has revealed at the SyScan security conference in Singapore today.

Security researchers from MWR Labs, the research arm of the company, who in 2012 revealed critical vulnerabilities in Chip-and-Pin devices, demonstrated at the conference that it is possible to compromise MPOS terminals with multiple attacking techniques using micro USBs, Bluetooth and a malicious programmable smart card.

Jon, Head of research at MWR InfoSecurity, said: “What we have found reveals that criminals can compromise the MPOS payment terminal and get full control over it. This would allow an attacker to gather PIN and credit card data, and event change the software on the device so that it accepts illegitimate payments.”

He added: “This shows that card holders paying at MPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud.”

MWR’s researchers demonstrated how an attacker could gain control over the MPOS terminal. This allowed them to display ‘try again’ messages, switch the device into insecure mode, capture the PIN code when entered and even enable it to accept stolen credit cards. They were even able to use the device to play a simplified version of the popular game Flappy Bird.

Nils, a security researcher at MWR, said: “MPOS is a promising technology with a growing market uptake, well suited for use in modern payment systems, but current implementations are not well designed from a security perspective. It is critical to get security right early as there is a huge potential for fraud around the world.”

He added: "Lessons that have been learned from desktop computers and servers are yet to be applied to embedded systems."

The team discovered the issues as part of its ongoing research programme into secure payment technologies. Companies use MWR to understand how they may be vulnerable to fraud and attack by criminals using advance and sophisticated attacks.

The company has notified the vendors involved and has assisted with the relevant information needed to address the identified issues. They are unable to provide any specific details on the vulnerabilities found as the devices concerned are currently being used at thousands of retail outlets in the UK and around the world.

Source: MWR InfoSecurity

related articles:

popular articles:

Thumbnail-Photo: “Carbon” – The future of payment transactions by InterCard...
18.03.2019   #payment systems #Trade fair special EuroCIS 2019

“Carbon” – The future of payment transactions by InterCard

Customer-oriented processes beyond standard market solutions

Thumbnail-Photo: Pioneering spirit in online retail: participation is welcomed...
27.02.2019   #online trading #food delivery service

Pioneering spirit in online retail: participation is welcomed

The startup company myEnso from Bremen shows how an online supermarket can be successful

Modern pioneers: At myEnso, customers have a say in the store’s product selection. The online store continues to evolve with its customers and focuses on quality, sustainability and an innovative spirit.We spoke with Isabella Henrichs and ...

Thumbnail-Photo: APG Cash Drawer: new SMARTtill business development manager...
15.05.2019   #cash management #cash handling systeme

APG Cash Drawer: new SMARTtill business development manager

APG Cash Drawer announces hire of SMARTtill business development manager

APG Cash Drawer, a fast-growing global manufacturer of cash management solutions, announced today the addition of Tony Pusateri as SMARTtill Business Development Manager. ...

Thumbnail-Photo: Robots in retail: producer and salesperson all-in-one at the fully...
15.03.2019   #artificial intelligence #customer retention

Robots in retail: producer and salesperson all-in-one at the fully automated kiosk

Interview with Matthias Krinke, Managing Director of pi4_robotics GmbH

At Berlin’s shopping mall Bikini Berlin, we meet the robot “Gisela”. The robot’s designer Matthias Krinke sat down with us and explained what she can do and revealed what the retail industry can expect from her and her ...

Thumbnail-Photo: Welcome to the tenth edition of the RetailShow Exhibition...
22.03.2019   #e-commerce #cashpoints, cash register, cash desk

Welcome to the tenth edition of the RetailShow Exhibition

Exhibition of Equipment, Technology and Services for Retail

We kindly invite you to participate in the biggest, annual, B2B retail event in Poland: Exhibition of Equipment, Technology and Services for Retail – RetailShow. The closest, tenth edition will be held on 20-21 November 2019 in Warsaw, ...

Thumbnail-Photo: Secure networking for 8,800 locations
09.04.2019   #security #software developement

Secure networking for 8,800 locations

LANCOM and ecotel to build one of the largest SD-WANs in Europe

The German network infrastructure supplier LANCOM Systems and the Düsseldorf-based ICT company ecotel have concluded a far-reaching cooperation agreement to build one of the largest WAN projects featuring software-defined networking (SDN) in ...

Thumbnail-Photo: Social commerce 2.0: artificial intelligence detects purchase intention...
18.04.2019   #e-commerce #sustainability

Social commerce 2.0: artificial intelligence detects purchase intention

Choosy analyzes fashion trends on Instagram – and redesigns them

The fashion world moves at lightning speed – and more than ever thanks to the rise of social media. In the past, key trends emerged off the runways twice a year during fashion weeks. Now Instagram et al. set the tone daily thanks to feeds of ...

Thumbnail-Photo: Online inventory management system
06.05.2019   #online trading #e-commerce

Online inventory management system

5 things e-commerce retailers should look for

In order to perform online efficiently as an Internet retailer, one needs to choose the most effective inventory management system. Its main features should include centralised user interface, full automation, automated stock checking and ...

Thumbnail-Photo: E-commerce: AI-powered translations revitalize business...
29.04.2019   #online trading #e-commerce

E-commerce: AI-powered translations revitalize business

Interview with Boris Zielonka, Director Marketing & Sales, Eurotext AG

Retailers who set up an online store can expand their business – especially if they create a multilingual content strategy.As a language and translation service, Eurotext AG supports retailers in this endeavor. From this conversation with ...

Thumbnail-Photo: APG Cash Drawer announces hire of connectivity product manager...
08.03.2019   #cashpoints, cash register, cash desk #POS Solutions

APG Cash Drawer announces hire of connectivity product manager

They make addition to product management team to expand its product portfolio

APG Cash Drawer, a fast-growing global manufacturer of cash management solutions, announced today the addition of Ron Stephenson to the position of Connectivity Product Manager. In his role, Ron will spearhead the company’s mobility, interface ...

Supplier

LANCOM Systems GmbH
LANCOM Systems GmbH
Adenauerstraße 20 / B2
52146 Würselen
APG Cash Drawer
APG Cash Drawer
4 The Drove
BN9 0LA Newhaven
Delfi Technologies GmbH
Delfi Technologies GmbH
Landgraben 75
24232 Schönkirchen
Permaplay Media Solutions GmbH
Permaplay Media Solutions GmbH
Aschmattstr. 8
76532 Baden-Baden
ROQQIO Commerce Solutions GmbH
ROQQIO Commerce Solutions GmbH
Harburger Schloßstraße 28
21079 Hamburg