Tuesday, August 04, 2015

Hacks turn Square's reader into a card-stealing machine

Source: http://www.engadget.com/2015/08/03/square-reader-card-skimming-hack//

Square's reader on an iPad

As helpful as a Square Reader may be for purchases at trendy stores, you'll want to watch out -- in the right circumstances, it can also be used to steal your credit card info. Security researchers have discovered that you can physically disable the encryption the device uses to protect your financial info, turning the Reader into a tiny, portable card skimmer. There's also a way to record the signal created by your card when you swipe its magnetic stripe on an unmodified Reader, which theoretically lets evildoers charge your card without approval.

Square is quick to note that an altered Reader won't work with the official app, and that it's not possible to handle a stored swipe "more than once." However, this assumes that you're paying attention to the apps in use when you're buying goods. An enterprising criminal could develop unofficial software that looks legit, but hides skimming code underneath. While it's not very likely that you'll run into one of these tweaked scanners in the wild, it's worth keeping an eye on your credit card statement if that sketchy shop clerk breaks out a Reader to complete a sale.

Via: Motherboard

Source: Black Hat, HackerOne
