Information Security News mailing list archives

Credit Card Roulette: Payment Terminals Pwned in Vegas


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 31 Jul 2012 03:42:33 -0500 (CDT)

http://www.wired.com/threatlevel/2012/07/pinpadpwned/

By Kim Zetter
Threat Level
Wired.com
July 30, 2012

LAS VEGAS -- At least three widely used credit and debit card purchasing terminals in the U.S. and U.K. have vulnerabilities that would allow attackers to install malware on them and sniff card data and PINs.

The vulnerabilities can also be used to make a fraudulent card transaction look like it’s been accepted when it hasn’t been, printing out a receipt to fool a salesclerk into thinking items have been successfully purchased.

Or an attacker can design a hack that would invalidate the chip-and-PIN card system, a security feature that is standard in Europe but only nascent in the U.S. It uses cards embedded with a chip and requires cardholders to enter a PIN to validate a transaction.

The hacks were demonstrated at the Black Hat Security conference last week by Rafael Dominguez Vega, a Spanish security researcher and consultant for MWR InfoSecurity, and a German researcher who goes by the name Nils, who is head of research for MWR. Nils cemented his security bona fides in 2009 when he hacked three browsers at the Pwn2own contest at the CanSecWest conference.

[...]
