Tag: POS

BAI Security Audit

Retail PoS Systems, Ancient Passwords – What You Need To Know Now

You’ve probably seen coverage of the big RSA reveal regarding the fact that point of sale devices from a specific vendor have used the same pre-set administrator password for the last quarter of a century. Security researchers Charles Henderson and David Byrne, at their RSA presentation, were the ones who shared this discovery. More troubling, according to Henderson and Byrne, 90% of the systems they see have retained that exact admin username and the password: 166816. You’d wonder why retailers aren’t changing the default admin and password when they deploy the system, but it seems like many assumed that the 166816 password was uniquely assigned to them. The PoS system in question is widely used, but the vendor isn’t the

Read More »
Malware

New Retail PoS Malware Discovered

A new malware family targeting point-of-sale (PoS) systems, is infecting machines in order to scrape [payment card iinformation from memory. The malware, dubbed PoSeidon, was initially spotted by researchers from Cisco’s Security Solutions (CSS) team. PoSeidon, like most point-of-sale Trojans, scans the RAM of infected terminals for unencrypted strings that match credit card information. End-to-end encryption technology would protect payment card data from these sorts of attacks, but few PoS terminals have this capability right now. Cisco’s researchers say that PoSeidon is comprised of a keylogger, a loader and a memory scraper that also has keylogging functionality. As one would expect, the keylogger is designed to steal credentials for the LogMeIn remote access application. It deletes encrypted LogMeIn passwords and

Read More »