"Researchers Warn of Security Vulnerabilities in These Widely Used Point-of-Sale Terminals"
Security vulnerabilities have been discovered in two widely used Point-of-Sale (PoS) terminals that could allow cybercriminals to conduct a number of malicious activities such as stealing credit card details, cloning terminals, and more. The vulnerabilities that exist in Verifone and Ingenico products used in millions of stores globally were detailed by independent researcher Aleksei Stennikov, and the head of offensive security research at Cyber R&D Lab Timur Yunusov at Black Hat Europe 2020. According to the researchers, one of the vulnerabilities impacting both brands stems from the use of default passwords, which could allow attackers to access service menus, manipulate code on machines, and run malicious commands. These security issues are said to have existed for at least ten years. Attackers could gain access to PoS devices to perform malicious activities physically or remotely. Once remote access is achieved, an attacker can execute arbitrary code, buffer overflows, and other techniques that can lead to the escalation of privileges, manipulation of devices, and data exposure. This article continues to discuss the source, potential exploitation, and impact of vulnerabilities found in PoS terminals, as well as how PoS device manufacturers responded to this discovery and how retailers can protect against attacks abusing PoS vulnerabilities.