hackers turn square readers into crime tools
Last Updated : GMT 05:17:37
Emiratesvoice, emirates voice
Emiratesvoice, emirates voice
Last Updated : GMT 05:17:37
Emiratesvoice, emirates voice

Hackers turn Square readers into crime tools

Emiratesvoice, emirates voice

Emiratesvoice, emirates voice Hackers turn Square readers into crime tools

John Moore and Alexandrea Mellen
San Francisco - AFP

Hackers on Thursday showed how to turn the latest model Square mobile payments readers into crime tools.

Independent security researchers and self-described hackers Alexandrea Mellen and John Moore were at the Black Hat computer security conference in Las Vegas to demonstrate hacks targeting Square software or the dongle that plugs into audio jacks to read credit card magnetic strips.

"We converted a Square Reader into a credit card skimmer in under 10 minutes," Mellen told AFP.

"Any layman could do it."

She said the hardware hack can be done with simple tools including a screwdriver, wire and soldering iron, and that most of the time involved was spent carefully popping open the reader that Square provides to users of its mobile payments application.

Inside the reader a wire is soldered between two points to bypass an encryption chip.

After that, unscrambled information from swiped credit cards can be collected, essentially stolen, to be sold on a black market or abused in other ways, according to Mellen.

- Playback attack -

On the software side, Moore provided details about a mobile application that enables a "playback attack" that lets merchants charge customs for bogus transactions in the weeks or months after legitimate purchases are consumated.

"We find this troubling because unless you are closely watching your credit card statements, you might not notice," said Moore, a recent Boston University graduate on his way to a job with Internet giant Google.

Moore said that he and Mellen, also a recent graduate of Boston University, targeted the Square Reader because the company headed by Twitter co-founder Jack Dorsey is a leader in a booming trend of using smartphones for real-world financial transactions.
"Square, given its size and a bug bounty program, is no easy target," Moore said.

"We suspect the vulnerabilities we found in Square might easily apply to other mobile point-of-sale service providers."

An array of major Internet firms offer cash rewards, or bounties, for software bugs that can be exploited by hackers.

New hardware and software is quickly being fielded in the competitive mobile payments market, with pressure on to keep plug-ins compact and inexpensive, according to Moore.

Mobile payments software needs to be compatible with a variety of mobile phones, which can't be secured as easily since they are used for many more purposes than making purchases.

Moore referred to the combination of factors as "a recipe for disaster."

The hackers said they made their findings available to San Francisco-based Square but are not convinced fixes are planned.

Moore said Square told him they were watching for the kinds of bogus transactions that could be generated by "playback" hacks.

"They have the information to see the swipe of the credit card was taken weeks ago," Moore said.

"They have chosen to monitor the behavior instead of preventing it."

 

GMT 01:15 2018 Wednesday ,24 January

Bollywood actor gets engaged to long-time girlfriend

GMT 08:31 2018 Monday ,22 January

Candypants appoints JPR Media Group

GMT 23:09 2018 Saturday ,20 January

Famed photographer Mario Testino accused

GMT 22:22 2018 Thursday ,18 January

Lebanon bans Spielberg film and adventurer biopic

GMT 19:44 2018 Thursday ,18 January

Michael Douglas, James Franco deny

GMT 19:39 2018 Thursday ,18 January

Hollywood gets party season started
Emiratesvoice, emirates voice
Emiratesvoice, emirates voice

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

hackers turn square readers into crime tools hackers turn square readers into crime tools

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

hackers turn square readers into crime tools hackers turn square readers into crime tools

 



GMT 11:30 2012 Monday ,09 January

Mutah University workers demand pay raise

GMT 16:28 2011 Thursday ,29 December

Scottish universities ordered to widen access

GMT 13:14 2013 Tuesday ,19 March

Qatar’s al-Jazeera to launch UK, French channels

GMT 13:24 2014 Monday ,01 September

Pakistan anti-PM protesters storm state TV

GMT 08:54 2017 Friday ,28 July

Major terrorist plot foiled in Saudi Arabia

GMT 09:23 2017 Monday ,17 July

Tropical Storm,leaves one dead

GMT 13:02 2017 Thursday ,27 July

Iraqi army prepares for a new operation in Diyala

GMT 09:14 2012 Thursday ,16 August

Modern \'Reading Furniture\' range

GMT 05:37 2018 Monday ,08 January

Explosion at Syria jihadist base kills 23: monitor

GMT 23:00 2011 Monday ,19 December

Alessandra Ambrosio Tweets Behind The Scenes Photo

GMT 09:10 2017 Wednesday ,29 November

UN chief strongly condemns N. Korea missile launch

GMT 17:57 2016 Monday ,15 August

‘Godless’ scoops top prize at Swiss film fest

GMT 15:07 2016 Monday ,12 September

Denzel’s role in new movie makes him a kid again

GMT 11:32 2012 Thursday ,20 December

Funny film breaks box office boundaries

GMT 12:10 2011 Sunday ,19 June

Ukraine\'s Naftogaz estimates gas pipe network
 
 Emirates Voice Facebook,emirates voice facebook  Emirates Voice Twitter,emirates voice twitter Emirates Voice Rss,emirates voice rss  Emirates Voice Youtube,emirates voice youtube  Emirates Voice Youtube,emirates voice youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

emiratesvoieen emiratesvoiceen emiratesvoiceen emiratesvoiceen
emiratesvoice emiratesvoice emiratesvoice
emiratesvoice
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
emiratesvoice, Emiratesvoice, Emiratesvoice