Monday, November 4, 2024
HomeCyber Security NewsFlaws with PoS Terminals Let Attackers Execute Arbitrary Code

Flaws with PoS Terminals Let Attackers Execute Arbitrary Code

Published on

Malware protection

Researchers describe the intense vulnerabilities in the two biggest Point of Sales (PoS) vendors, Verifone, and Ingenico. The affected devices are Verifone VX520, Verifone MX series, and the Ingenico Telium 2 series.

“Through the use of default passwords, it was able to execute arbitrary code through binary vulnerabilities (e.g., stack overflows, and buffer overflows). These PoS terminal weaknesses enable an attacker to send arbitrary packets, clone cards, clone terminals, and install persistent malware”, said researchers with the Cyber R&D Lab team, in a new analysis of the flaws this week.

PoS terminals are devices that read payment cards such as credit or debit cards. Of note, the affected devices are PoS terminals, the device used to process the card as opposed to PoS systems, which include the cashier’s interaction with the terminal as well as the merchants’ inventory and accounting records.

- Advertisement - SIEM as a Service

Security Issues in PoS Terminals

Two main security issues have been disclosed in PoS terminals. The main issue is that they ship with default manufacturer passwords, which Google research can simply reveal.

Researchers said, “Those credentials provide access to special ‘service modes,’ where hardware configuration and other functions are available”.

While looking closer to the ‘service modes’, they contain ‘undeclared functions’  after tearing down the terminals and extracting their firmware. These functions enable execution of arbitrary code through binary vulnerabilities (e.g., stack overflows, and buffer overflows) in Ingenico and Verifone terminals, said the researchers.

Attackers could leverage these flaws to launch an array of attacks. For instance, the arbitrary code-execution issue could allow attackers to send and modify data transfers between the PoS terminal and its network.

Attackers could read the data, allowing them to copy people’s credit card information and ultimately run fraudulent transactions.

“Attackers can forge and alter transactions. They can attack the acquiring bank via server-side vulnerabilities, for example in the Terminal Management System (TMS). This invalidates the inherent trust given between the PoS terminal and its processor”, say the researchers.

Conclusion

Researchers reached out to both Verifone and Ingenico, and patches for the problems have since been issued. In Nov 2020 PCI has released an urgent update of Verifone terminals across the globe.

Scientists said it took practically two decades to accomplish Ingenico and receive a confirmation of that fix.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

ModPipe Malware Steals Sensitive Information from Oracle POS Software used by Hundreds of Thousands of Hotels

Undetectable ATM “Shimmers” Hacker’s Latest Tool for Steal your Chip Based Card Details from POS Terminal

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...