Friday, May 2, 2025
HomeCyber Security NewsFlaws with PoS Terminals Let Attackers Execute Arbitrary Code

Flaws with PoS Terminals Let Attackers Execute Arbitrary Code

Published on

SIEM as a Service

Follow Us on Google News

Researchers describe the intense vulnerabilities in the two biggest Point of Sales (PoS) vendors, Verifone, and Ingenico. The affected devices are Verifone VX520, Verifone MX series, and the Ingenico Telium 2 series.

“Through the use of default passwords, it was able to execute arbitrary code through binary vulnerabilities (e.g., stack overflows, and buffer overflows). These PoS terminal weaknesses enable an attacker to send arbitrary packets, clone cards, clone terminals, and install persistent malware”, said researchers with the Cyber R&D Lab team, in a new analysis of the flaws this week.

PoS terminals are devices that read payment cards such as credit or debit cards. Of note, the affected devices are PoS terminals, the device used to process the card as opposed to PoS systems, which include the cashier’s interaction with the terminal as well as the merchants’ inventory and accounting records.

- Advertisement - Google News

Security Issues in PoS Terminals

Two main security issues have been disclosed in PoS terminals. The main issue is that they ship with default manufacturer passwords, which Google research can simply reveal.

Researchers said, “Those credentials provide access to special ‘service modes,’ where hardware configuration and other functions are available”.

While looking closer to the ‘service modes’, they contain ‘undeclared functions’  after tearing down the terminals and extracting their firmware. These functions enable execution of arbitrary code through binary vulnerabilities (e.g., stack overflows, and buffer overflows) in Ingenico and Verifone terminals, said the researchers.

Attackers could leverage these flaws to launch an array of attacks. For instance, the arbitrary code-execution issue could allow attackers to send and modify data transfers between the PoS terminal and its network.

Attackers could read the data, allowing them to copy people’s credit card information and ultimately run fraudulent transactions.

“Attackers can forge and alter transactions. They can attack the acquiring bank via server-side vulnerabilities, for example in the Terminal Management System (TMS). This invalidates the inherent trust given between the PoS terminal and its processor”, say the researchers.

Conclusion

Researchers reached out to both Verifone and Ingenico, and patches for the problems have since been issued. In Nov 2020 PCI has released an urgent update of Verifone terminals across the globe.

Scientists said it took practically two decades to accomplish Ingenico and receive a confirmation of that fix.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

ModPipe Malware Steals Sensitive Information from Oracle POS Software used by Hundreds of Thousands of Hotels

Undetectable ATM “Shimmers” Hacker’s Latest Tool for Steal your Chip Based Card Details from POS Terminal

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...