The German firm SRLabs claims that payment terminals from Verifone contain weaknesses that allow exploits to recover users' PINs. Financial transactions could also be modified.
SRLabs has carried out research on Verifone payment terminals used in Germany, specifically the Artema Hybrid model. The PIN modules in question, however, are found not only in Germany but also in several Belgian stores. It is not clear whether the discovered vulnerabilities have been abused, but the most well-known payment cards would be vulnerable when used with a hacked PIN module.
According to SRLabs, which is led by the well-known German security researcher Karsten Nohl, exploitable vulnerabilities were discovered in the firmware of the PIN modules. By means of a buffer overflow, attackers can run their own code on the devices, allowing card information such as the PIN to be recovered. With the gathered information a debit card can be copied, so that attackers can, for example, withdraw money from an ATM. Attackers may also be able to alter transactions made with the PIN module, or even create fake transactions.
The hack can be carried out both remotely and locally: according to the researchers, there is an exploit in the network stack that allows a computer on the same network to compromise the PIN module. It is also possible to hack the device through its serial or JTAG port.
The association of German banks, the Deutsche Kreditwirtschaft, said in a response that it takes the weaknesses published by SRLabs seriously, but claims that they are mainly theoretical possibilities. Verifone has promised to provide the Artema Hybrid modules with new software.
