One code can hack 90% of all credit card readers
Posted by: Timothy Weaver on 04/30/2015 07:46 AM
Hard to believe, but 90% of all the credit card readers throughout the States use the same password.
Since 1990, the default passcode has been set to either 166816 or Z66816. What's amazing is that most retailers do not change it.
With that passcode, an attacker can gain complete control of a store’s credit card readers, potentially allowing them to hack into the machines and steal customers’ payment data, as reported by cybersecurity firm Trustwave.
Trustwave executive Charles Henderson explained that the administrative access this passcode provides can be used to infect machines with malware that steals credit card data. He was speaking at the RSA cybersecurity conference in San Francisco, in a talk titled “That Point of Sale is a PoS.”
Manufacturers sell the readers to distributors, who in turn sell them to retailers, and no one thinks to change the passcode.
“No one is changing the password when they set this up for the first time; everybody thinks the security of their point-of-sale is someone else’s responsibility,” Henderson said. “We’re making it pretty easy for criminals.”
The vast majority of machines were made by Verifone. Verifone said retailers are “strongly advised to change the default password.” And nowadays, new Verifone devices come with a password that expires.
Although not the fault of the passcode, one example of a credit card hack was discovered when it was found that the computer used for credit card processing had also been used by employees to play a pirated version of Guitar Hero, and the malware was accidentally downloaded along with it.
Source: Foxct
