Flaws in card-reader technology can wreak havoc with point-of-sale systems
A researcher has found a collection of bugs that allow him to hack ATMs in a new way: with a wave of his phone over a contactless credit card reader.
Now Joseph Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems' firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data.
Rodriguez plans to share the technical details of the vulnerabilities in a webinar in the coming weeks, in part to push customers of the affected vendors to implement the patches that the companies have made available.
No comments: