point of sale – Noise https://noise.getoto.net The collective thoughts of the interwebz Fri, 25 Jun 2021 13:55:50 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.2 NFC Flaws in POS Devices and ATMs https://noise.getoto.net/2021/06/28/nfc-flaws-in-pos-devices-and-atms/ Mon, 28 Jun 2021 11:53:45 +0000 https://www.schneier.com/?p=63401 It’s a series of vulnerabilities:

Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader — rather than swipe or insert it — to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe...

]]> Interesting Attack on the EMV Smartcard Payment Standard https://noise.getoto.net/2020/09/14/interesting-attack-on-the-emv-smartcard-payment-standard/ Mon, 14 Sep 2020 11:21:36 +0000 https://www.schneier.com/?p=60190 It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.

From a news article:

The researchers were able to demonstrate that it is possible to exploit the vulnerability in practice, although it is a fairly complex process. They first developed an Android app and installed it on two NFC-enabled mobile phones. This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. Incidentally, the researchers did not have to bypass any special security features in the Android operating system to install the app...

]]>