[ISN] German security experts find major flaw in credit card terminals

From: InfoSec News <alerts_at_private>
Date: Mon, 16 Jul 2012 10:39:09 -0500 (CDT)
http://arstechnica.com/security/2012/07/german-security-experts-find-major-flaw-in-credit-card-terminals/

By Cyrus Farivar
Ars Technica
July 13, 2012

Two German security researchers have said that they can easily crack credit 
card readers made by VeriFone, one of the world’s top firms in payment 
infrastructure. Just this week, the company won a $35 million contract to 
provide payment terminals for all taxis in Washington, DC.

The accusation, which has yet to be confirmed by any independent groups (the 
technical details have not yet been released), could potentially affect 
approximately 300,000 such credit and bank card terminals across Germany, with 
a "handful in Austria." The attack is specific to the Artema Hybrid Terminal, 
which is sold under various brand names by VeriFone.

Karsten Nohl and Thomas Roth, of Security Research Labs, say that they have 
been in touch with VeriFone for six months and have provided technical aid to 
the company and a German government agency. They are now coming forward to put 
more pressure on the company -- and to raise awareness, “preferably before any 
criminal can reinvent these attacks.”

“Without some drastic publicity, I don't think that shopkeepers will know about 
it,” Nohl added.
--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill
Received on Mon Jul 16 2012 - 08:39:09 PDT

This archive was generated by hypermail 2.2.0 : Mon Jul 16 2012 - 08:42:37 PDT