Credit Card News
Advertising Disclosure
Credit-Land.com is an independent, advertising-supported web site. Credit-Land.com receives compensation from many credit card issuers whose offers appear on our site. Compensation from our advertising partners impacts how and where their products appear on our site, including, for example, the order in which they may appear within review lists. Credit-Land.com has not reviewed all available credit card offers in the marketplace.
Credit Card Applications » News » Other » Square Mobile Easy Prey for Hackers

Square Mobile Easy Prey for Hackers

By
Add to Favorites:
Square Mobile Easy Prey for Hackers

At the recent Black Hat Technical Security conference in Las Vegas, two researchers from the UK-based Research and Development Company, Aperture Labs, demonstrated the easy hackability of the Square payment system. Square is the mobile payment technology that turns any iPad, iPhone or Android mobile device into a point of sale credit card processor. It’s made possible just with the aid of a “pocket-sized credit card reader that plugs into your phone’s audio jack,” according to their website. Aperture Labs directors Adam Laurie and Zac Franken revealed not only one, but two, ways to commit credit card fraud using Square.

“The dongle is a skimmer. It turns any iPhone into a skimmer,” Laurie said at Black Hat, as reported by cnet.com. It makes life easier for thieves looking to clone a card because, “now you need less technical hardware to do it and no technical skills at all.” Therefore: nearly anyone with the right knowhow can become a criminal.

During a legitimate transaction, Square converts the data gleaned from the magnetic swipe strip on a credit card into an audio file, which is then transmitted for authorization to the card issuer. Laurie and Franken demonstrated how, by using a code that is relatively simple to generate, hackers can convert the data gathered from the stolen magnetic strips. They use a microphone to transform them into audio files, which can then be submitted for processing directly to the Square app, no card needing to be physically present.

The cloning of cards is also possible bysimilar means. The thief swipes a card to grab magnetic strip data, converting it into audio, then, using the same code as before, translates the audio into credit card information.

All this is feasible because Square’s card reader dongle doesn’t currently employ any means of encrypting or authenticating card data.

The Wall Street Journal reports that Aperture’s Laurie and Franken have disclosed the dongle’s vulnerability to Square several months ago and Laurie reassured those present at Black Hat that there’s no risk to people using Square. Franken claimed that Square is in the process of issuing new dongles that encrypt the data.

Add to Favorites:

Related News:

Amex Acquisition Increases Security

By Dar Dowling, Posted: December 9, 2016

American Express has bought InAuth, Inc., a company specializing in providing customers with mobile device authentication and intelligence solutions. Continue reading
Citi Card Tracker Unveiled

By Dar Dowling, Posted: December 8, 2016

There is a new feature in town now that Citi credit cardholders in the U.S. can track where their replacement card is every step of the way as it travels to their mailbox. This new feature is available in the Citi Mobile App, whether the ... Continue reading
New Digital Wallet From SDCCU

By Dar Dowling, Posted: December 7, 2016

The San Diego County Credit Union (SDCCU) is rolling out their brand new digital wallet app for iPhone users. With the app people can use their phone to safely do their banking, whether that means using their phones to expedite cash ... Continue reading
Get the latest news, articles and expert advice delivered to your inbox. It's FREE.
Get 0% Intro APR on Balance Transfers and Purchases for 21 months. After that, the APR will be 12.24%-22.24% based upon your creditworthiness.
For Excellent/Good Credit
Earn 1% cash back on gas and grocery purchases. Terms apply.
For Fair Credit
Guaranteed $500 Unsecured Credit Limit
For Bad Credit