Ten minutes to hack a mobile payment terminal

The Black Hat conference in the US is an opportunity for security researchers and hackers who work for “good cause” to demonstrate the vulnerability of some widely used devices. Thursday, August 6, Alexandra Meller and John Moore proved the vulnerability of mobile payment terminals of the company Square, all in ten minutes.

Photo credit: HackerNews

Hacking a bank card reader

At a recent lectures in Las Vegas around cybersecurity, two researchers, Alexandra Meller, independent researcher John Moore and demonstrated that it was possible to hack a bank card reader from the company Square in ten minutes. Square offers free small US businesses a payment terminal connected to the smartphone to address the high costs of conventional mobile payment terminals. It is thus possible transactions without subscription, for a percentage of banking.

The concern is that this simple tool can be hacked using a soldering iron, a screwdriver and a cable. It apparently just open the bank card reader, then solder a wire between two points to bypass the encryption chip. Once this is done, the data of any card that is inserted in the terminal can be potentially diverted and used for malicious purposes. It would, according to researcher John Moore, also possible to charge false purchasing from a traditional transaction. Security holes Square which was alerted. The company will provide more secure solutions and distribute a terminal less vulnerable, knowing that it is distributed free to those who wish to have a bank terminal available cheaply.