Source: http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/
Here's some more fun out of Vegas, this time involving Jack Dorsey's Square and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the Black Hat Conference. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. New hardware that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers originally appeared on Engadget on Fri, 05 Aug 2011 17:17:00 EDT. Please see our terms for use of feeds.
Permalink | CNET | ! Email this | Comments