NFC Flaws in POS Devices and ATMs


Dave

Dave Jenkins, N1MXV
Sep 16, 2020
110
55
Gardner, MA (USA)
https://www.schneier.com/crypto-gram/archives/2021/0715.html#cg1

NFC Flaws in POS Devices and ATMs

[2021.06.28] It’s a series of vulnerabilities:
Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader — rather than swipe or insert it — to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe.
Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash, though that “jackpotting” hack only works in combination with additional bugs he says he’s found in the ATMs’ software. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors.
 

danlock

Well-known member
Sep 30, 2020
156
51
USA
Apparently, those systems really ARE POS systems. *rimshot*

Josep Rodriguez' method is much faster than using the Atari Portfolio DOS portable computer John Connor used in Terminator II for swiping and sorting to get a 4-digit PIN.
 

rfrazier

Well-known member
Sep 30, 2020
270
82
@Dave I tend to agree. Way too much slime on the planet.

May your bits be stable and your interfaces be fast. :cool: Ron
 

RKaji

New member
Aug 3, 2021
1
0
Making online purchases can be as simple as entering in a credit card number and password. It may seem like a simple task, but one little trickster does when shopping online will leave a bad taste in your mouth.