Arab Today, arab today hackers turn square readers into crime tools
Last Updated : GMT 02:33:04
Arab Today, arab today
Arab Today, arab today

In under 10 minutes

Hackers turn Square readers into crime tools

Arab Today, arab today

Arab Today, arab today Hackers turn Square readers into crime tools

John Moore and Alexandrea Mellen attend a Black Hack computer security conference
Las Vegas - Arab Today

Hackers on Thursday showed how to turn the latest model Square mobile payments readers into crime tools.

Independent security researchers and self-described hackers Alexandrea Mellen and John Moore were at the Black Hat computer security conference in Las Vegas to demonstrate hacks targeting Square software or the dongle that plugs into audio jacks to read credit card magnetic strips.

"We converted a Square Reader into a credit card skimmer in under 10 minutes," Mellen told AFP.

"Any layman could do it."

She said the hardware hack can be done with simple tools including a screwdriver, wire and soldering iron, and that most of the time involved was spent carefully popping open the reader that Square provides to users of its mobile payments application.

Inside the reader, a wire is soldered between two points to bypass an encryption chip.

After that, unscrambled information from swiped credit cards can be collected, essentially stolen, to be sold on a black market or abused in other ways, according to Mellen.

- Playback attack -

On the software side, Moore provided details about a mobile application that enables a "playback attack" that allows merchants to charge customs for bogus transactions in the weeks or months after legitimate purchases are completed.

"We find this troubling because unless you are closely watching your credit card statements, you might not notice," said Moore, a recent Boston University graduate on his way to a job with Google.

Moore said that he and Mellen, also a recent Boston University graduate, targeted the Square Reader because the company, headed by Twitter co-founder Jack Dorsey, is a leader in a booming trend of using smartphones for real-world financial transactions.

"Square, given its size and a bug bounty program, is no easy target," Moore said.

"We suspect the vulnerabilities we found in Square might easily apply to other mobile point-of-sale service providers."

An array of major Internet firms offer cash rewards, or bounties, for software bugs that can be exploited by hackers.

New hardware and software is quickly being fielded in the competitive mobile payments market, with pressure on to keep plug-ins compact and inexpensive, according to Moore.

Mobile payments software needs to be compatible with a variety of mobile phones, which can't be secured as easily since they are used for many more purposes than making purchases.

Moore referred to the combination of factors as "a recipe for disaster."

The hackers said they made their findings available to San Francisco-based Square but are not convinced fixes are planned.

Moore said Square told him they were watching for the kinds of bogus transactions that could be generated by "playback" hacks.

"They have the information to see the swipe of the credit card was taken weeks ago," Moore said.

- Credit cards need upgrade -

In a statement to AFP, Square put the fault on credit cards that continue to rely on storing data on magnetic strips, the technology for which dates back to the bygone era of cassette tapes.

"It should not surprise us that a system using essentially the same technology as cassette tapes is vulnerable," a Square spokesperson said.

"That is why major credit card companies, lenders and businesses are now embracing new, more secure, authenticated payment technologies."

Those technologies include embedding cards with chips that transmit data wirelessly to sensors at checkouts.

Square maintained that any credit card reader on the market could be tampered with, but that the company takes precautions to protect cards swiped on unencrypted readers.

"We have processes in place to prevent malicious behavior on damaged readers," Square said.

"If our encrypted readers are damaged, they will not work with Square."
Source: AFP

arabstoday
arabstoday

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

Arab Today, arab today hackers turn square readers into crime tools Arab Today, arab today hackers turn square readers into crime tools

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

Arab Today, arab today hackers turn square readers into crime tools Arab Today, arab today hackers turn square readers into crime tools

 



Arab Today, arab today
Arab Today, arab today Designer Aql Faqih aspires to innovation

GMT 18:41 2017 Friday ,20 October

Designer Aql Faqih aspires to innovation
Arab Today, arab today What's the reason and what you can do

GMT 05:44 2017 Sunday ,22 October

What's the reason and what you can do
Arab Today, arab today Etiquette expert underlines importance of gifts

GMT 17:52 2017 Sunday ,03 September

Etiquette expert underlines importance of gifts
Arab Today, arab today Syrian children die of hunger

GMT 19:25 2017 Sunday ,22 October

Syrian children die of hunger
Arab Today, arab today Hiring not part of Alibaba pledge

GMT 11:26 2017 Wednesday ,18 October

Hiring not part of Alibaba pledge
Arab Today, arab today
Arab Today, arab today
Arab Today, arab today World's deepest lake in peril

GMT 15:54 2017 Friday ,20 October

World's deepest lake in peril
Arab Today, arab today Ex-French minister Dati wants tough action

GMT 10:54 2017 Thursday ,19 October

Ex-French minister Dati wants tough action
Arab Today, arab today Delhi braces for pollution 'airpocalypse'

GMT 16:07 2017 Friday ,20 October

Delhi braces for pollution 'airpocalypse'
Arab Today, arab today The history of solar eclipses

GMT 05:16 2017 Sunday ,20 August

The history of solar eclipses
Arab Today, arab today EU raids automaker BMW

GMT 11:06 2017 Saturday ,21 October

EU raids automaker BMW
Arab Today, arab today Sweden to get biggest car factory

GMT 14:10 2017 Friday ,20 October

Sweden to get biggest car factory
Arab Today, arab today Actress Mona Zaki praises husband’s role

GMT 08:15 2017 Thursday ,19 October

Actress Mona Zaki praises husband’s role
Arab Today, arab today Massacre fears spark race

GMT 19:09 2017 Thursday ,19 October

Massacre fears spark race

GMT 08:57 2017 Wednesday ,18 October

Actress Shery Adel happy for Egypt’s qualification

GMT 18:15 2017 Monday ,16 October

British actress becomes fifth woman

GMT 16:53 2017 Tuesday ,05 September

Youssra depended on colored foam

GMT 16:00 2017 Wednesday ,18 October

Climate-disrupting volcanoes helped topple

GMT 10:46 2017 Saturday ,05 August

Nanis reveals simple ideas for home renovation

GMT 10:18 2017 Saturday ,21 October

How to do open-heart surgery

GMT 13:44 2017 Friday ,20 October

Barcelona through George Orwell’s eyes

GMT 17:12 2017 Monday ,07 August

Al-Shawaifi reveals secrets of total solar eclipse

GMT 20:46 2017 Thursday ,19 October

Qualcomm files lawsuits in China to ban iPhones

GMT 16:53 2017 Saturday ,02 September

Mai importance of gifts during Eid Al-Adha
Arab Today, arab today
Arab Today, arab today
 
 Arab Today Facebook,arab today facebook  Arab Today Twitter,arab today twitter Arab Today Rss,arab today rss  Arab Today Youtube,arab today youtube  Arab Today Youtube,arab today youtube
arabstoday arabstoday arabstoday arabstoday
arabstoday arabstoday arabstoday
arabstoday
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
arabstoday, Arabstoday, Arabstoday