"SQUARE" card reader Vulnerability

Zac Franken, director at Aperture Labs, holds up the Square device for processing credit cards with a mobile device. His company has just discovered two ways to steal credit card data using Square.

 

Researchers at the Black Hat security conference today revealed two ways the Square payment system, which turns any iPhone, iPad or Android into a point-of-sale credit card processor, could be used for fraud.

Adam Laurie and Zac Franken, directors of Aperture Labs, discovered that they can transfer money from a stolen card into their bank account associated with Square without having to swipe a card through the Square dongle card reader. To do this, they used code written by Laurie that lets them feed magnetic stripe data from a stolen card into a microphone and convert it into a sound file. They then played that file (a series of beeps) into the Square device via a stereo cable, which transmitted the data directly into the Square app.

 

Read more: http://news.cnet.com/8301-27080_3-20088441-245/researchers-find-avenues-for-fraud-in-square/#ixzz1UGxigUlv

or

http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/