Friday, July 13, 2012

Researchers Find Serious Flaws in Popular Point-of-Sale System

VeriFone Systems' widely used Artema Hybrid point-of-sale system has been found by Security Research Labs in Germany to have several serious vulnerabilities which enable attackers to alter transactions, steal card data, and perform other malicious activity.

Image source: Nik Hewitt
The series of weaknesses discovered within some of the terminals gives attackers pathways into the system both remotely and via local interface. The bigger issue however is what an attacker can do after gaining access to the system. The most serious attack scenario would involve the attacker not only stealing data from a payment card, but modifying the transaction itself as well by changing the amount charged to the card.

VeriFone is currently investigating the situtation to determine the appropriate countermeasures and will release an update when further information is available. Read the details of the report in the Threatpost article.

No comments: