Mobile POS Devices are Vulnerable to Attack
Published December 9, 2016
Mobile Point of Sale (MPOS) devices can be easily hacked, leaving banks, retailers and millions of customers exposed to serious fraud around the world, global information security firm MWR InfoSecurity has revealed at the SyScan security conference in Singapore.
Security researchers from MWR Labs, the research arm of the company, who in 2012 revealed critical vulnerabilities in Chip-and-Pin devices, demonstrated at the conference that it is possible to compromise MPOS terminals with multiple attacking techniques using micro USBs, Bluetooth and a malicious programmable smart card.
“What we have found reveals that criminals can compromise the MPOS payment terminal and get full control over it. This would allow an attacker to gather PIN and credit card data, and event change the software on the device so that it accepts illegitimate payments,” says Jon, Head of research at MWR InfoSecurity. “This shows that card holders paying at MPOS terminals worldwide are potentially at risk. Banks and retailers should also be wary when implementing this technology as it could leave them open to serious fraud.”