Even though this “news” feels like it dates from the Middle Ages, I thought I would post it anyway.
Everyone knows that the United States is well known for its excessive use of credit cards.
A cyber security company (Trustwave) within the U.S. found out that almost every credit card reader can easily be hacked. 90% of the credit card readers that were actually tested can be bypassed with their two different default passwords. The test was conducted with devices from roughly 120 different retailers. Even this post figured out that they are really not a secret, so I can publish or distribute them without any danger.
- 166816
- Z66816
These codes can be used to gain full access to the vulnerable credit card reader, so it is a really dangerous vulnerability. After the installation of any malware, a hacker could do whatever he wants to do.
This is really sad for anyone interested in cyber security. Okay… it is actually not as sad as the remote code execution vulnerability which was published around the same time. You can find the post right here: PayPal remote code execution
I will also include the video of the described vulnerability:
From my point of view, the funniest part of this research was the statement Verifone (the company which manufactured most of the vulnerable devices) gave in answer to Trustwave’s research:
[…] A password alone isn’t enough to infect machines with malware. Until now it has not witnessed any attacks on the security of its terminals based on default passwords.
Well… let's call this quite a reactive mindset. Even quite naive, but this really seems to be irrelevant.
Another good piece of evidence for the “presence” of InfoSec.
I would really appreciate your feedback, comments and thoughts regarding this topic.
Cheers,
Miau