An Android app developed by IOActive's Josep Rodriguez exploits flaws in near-field communication (NFC) systems, enabling ATMs and a variety of point-of-sale terminals to be hacked by waving a smartphone over a contactless credit card reader.
Rodriguez said his app was able to force at least one ATM brand to dispense cash, but only in combination with other flaws in the ATM's software.
The researcher added that the point-of-sale vulnerabilities allow you to "modify the firmware and change the price to $1, for instance, even when the screen shows that you're paying $50. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here."
The findings have been disclosed to the affected vendors, but Rodriguez acknowledged that physically patching hundreds of thousands of affected terminals and ATMs "would require a lot of time."
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA