"Hackers Reportedly Exploited Wiseasy's Remote Control Dashboards to Compromise 140,000 Payment Terminals Worldwide"
Hackers stole remote control dashboard passwords and gained access to 140,000 Wiseasy payment terminals worldwide. Wiseasy, based in Singapore, is a popular Android payment terminal in the Asia-Pacific region, with offices in 114 countries. The device is widely used in retail establishments, hotels, restaurants, and schools. Buguard found the leaked credentials circulating on the dark web marketplace, with attackers actively accessing Wiseasy payment systems using the stolen information. According to Buguard's CTO, Youssef Mohamed, Wiseasy employee passwords were stolen from employees' computers through malware. The remote control dashboards were discovered to lack basic security features such as two-factor authentication (2FA). An investigation conducted by Wiseasy found that an old version of WiseCloud was involved in the incident. Attackers could use the remote control dashboards to unlock devices, install apps, remove apps, and gain access to the network payment terminals' Wi-Fi name and plaintext password. The remote dashboards could also be used by attackers to gain access to user permissions, add users, control payments, and make configuration changes. Furthermore, the remote control dashboards could access personal information stored on the payment terminals, such as names, phone numbers, and email addresses. This article continues to discuss findings regarding hackers' access to Wiseasy payment terminals using stolen Wiseasy passwords.