Point of Sale (PoS) vulnerabilities would allow theft and cloning of millions of credit cards worldwide

Cybersecurity specialists have revealed the finding of various vulnerabilities in the point of sale (PoS) terminals of two of the most important manufacturers of these devices. Exploiting these vulnerabilities would allow the theft and cloning of credit cards, among other attacks.

According to experts Aleksei Stennikov and Timur Yunusov, these flaws affect products developed by Ingenico and Verifone, used in millions of stores around the world. The vulnerabilities were reported to vendors, who released the patches required to mitigate exploit risks, although there could still be thousands of facilities vulnerable to an attack.

One of the main issues affecting the two companies is the use of default passwords, which could allow threat actors to access privileged functions such as changing code on devices to execute malicious commands. Specialists believe these flaws have existed for at least a decade, although other specific problems could be considered original design flaws dating back 20 years.

Malicious hackers could access these devices and deploy two attack variants: In the first scenario, criminals would physically access the terminal to execute arbitrary code, generate buffer overflows, among other flaws. Moreover, the second attack can be deployed remotely to fully compromise the affected system.

Remote access is possible if an attacker gains access to the network through phishing or another attack and then moves freely across the network to the PoS terminal. It’s important to remember that PoS devices are computers, so threat actors could access their networks through these devices.

The way the PoS terminal communicates with the rest of the network means that threat actors could access non encrypted data card data, including Track2 and PIN information, providing all the information needed to steal and clone payment cards.

According to specialists, to protect against attacks involving these PoS vulnerabilities, users of these machines must periodically verify that their systems have the latest updates, as well as avoid the use of default passwords.