Casa > cibernético Notícias > Mobile PoS Vulnerabilities Impact Paypal, Quadrado, SumUp
CYBER NEWS

PoS Vulnerabilidades Paypal Impacto móvel, Quadrado, SumUp

Uma descoberta alarmante foi feita recentemente durante a conferência Black Hat, realizada em Las Vegas. Pesquisadores de segurança de Tecnologias positivos relatou que as vulnerabilidades em SOMP (móvel Point-of-Sale) machines allow attackers to take over customer accounts and steal credit card data. Affected vendors include Square, SumUp, iZettle, and PayPal.




As reported by researchers Leigh-Anne Galloway and Tim Yunusov, attackers could alter the amount charged to a credit card. They are also capable of other misdeeds such as forcing customers to use other payment methods, like magstripe. The latter can be compromised more easily than chips for the purpose of data exfiltration, pesquisadores explicam.

Mobile PoS Vulnerabilities Allow Attackers to Tamper with Values, Transactions

The research team uncovered a number of flaws in endpoint payment systems some of which could lead to MiTM attacks. Other attack vectors built on the exploit of these flaws include the transfer of arbitrary code via Bluetooth and mobile apps, as well as tampering with magstripe transactions.

All of these attacks are possible due to the way mPoS systems function – via Bluetooth to connect to mobile apps and then send the data to payment provider servers. By intercepting these communications it becomes possible to manipulate values and obtain access to transaction traffic.

Além do mais, attackers can remotely execute code on compromised hosts and gain full access to the operating systems of card readers. The list of malicious activities based on these vulnerabilities is rather long. Attackers can also alter purchases, change their values or make some transactions look like they have been declined.

Story relacionado: Prilex PoS Malware tem tudo cibercriminosos Necessidade

One of the researchers, Leigh-Anne Galloway, explained that:

Currently there are very few checks on merchants before they can start using a mPOS device and less scrupulous individuals can, Portanto, essentially, steal money from people with relative ease if they have the technical know-how. Assim sendo, providers of readers need to make sure security is very high and is built into the development process from the very beginning.

In addition to the mPoS vulnerabilities, Os pesquisadores also reported two other vulnerabilities, identified as CVE-2017-17668 and CVE-2018-5717, that impact ATMs manufactured by NCR.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...