Payment Terminals Hacked and Used to Steal Credit Card Information, and Play Games

Image from northernleasingequipment.com

Image from northernleasingequipment.com

Researchers have shown off a way to hack into commonly used UK Point of Sale POS terminals and use a chip-and-pin card crafted with malicious code that enabled them to install a racing game and play it, using the machine’s pin pad and screen.

With that same hack the researchers demonstrated a much worse reason to hack the terminals. They can inject a Trojan virus in the terminal that could record card and PIN numbers, which could then be extracted later by inserting another rogue card.

The researchers then used the same method to fool the terminal into thinking a transaction was bank-approved. Allowing them to go to a store and load up whatever they may want and walk out without paying for anything and the store workers along with the POS terminal don’t know anything has happened.

Finally, the security researchers took a device that is popular in the US, and used non-encrypted ethernet communication between the terminal and other peripherals to hack into the payment device and take root control of the stores system.

Image from novell.com

Image from novell.com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s