Credit Card News
Advertising Disclosure
Credit-Land.com is an independent, advertising-supported web site. Credit-Land.com receives compensation from many credit card issuers whose offers appear on our site. Compensation from our advertising partners impacts how and where their products appear on our site, including, for example, the order in which they may appear within review lists. Credit-Land.com has not reviewed all available credit card offers in the marketplace.
Credit Card Applications » News » Other » Square Mobile Easy Prey for Hackers

Square Mobile Easy Prey for Hackers

By
Add to Favorites:
Square Mobile Easy Prey for Hackers

At the recent Black Hat Technical Security conference in Las Vegas, two researchers from the UK-based Research and Development Company, Aperture Labs, demonstrated the easy hackability of the Square payment system. Square is the mobile payment technology that turns any iPad, iPhone or Android mobile device into a point of sale credit card processor. It’s made possible just with the aid of a “pocket-sized credit card reader that plugs into your phone’s audio jack,” according to their website. Aperture Labs directors Adam Laurie and Zac Franken revealed not only one, but two, ways to commit credit card fraud using Square.

“The dongle is a skimmer. It turns any iPhone into a skimmer,” Laurie said at Black Hat, as reported by cnet.com. It makes life easier for thieves looking to clone a card because, “now you need less technical hardware to do it and no technical skills at all.” Therefore: nearly anyone with the right knowhow can become a criminal.

During a legitimate transaction, Square converts the data gleaned from the magnetic swipe strip on a credit card into an audio file, which is then transmitted for authorization to the card issuer. Laurie and Franken demonstrated how, by using a code that is relatively simple to generate, hackers can convert the data gathered from the stolen magnetic strips. They use a microphone to transform them into audio files, which can then be submitted for processing directly to the Square app, no card needing to be physically present.

The cloning of cards is also possible bysimilar means. The thief swipes a card to grab magnetic strip data, converting it into audio, then, using the same code as before, translates the audio into credit card information.

All this is feasible because Square’s card reader dongle doesn’t currently employ any means of encrypting or authenticating card data.

The Wall Street Journal reports that Aperture’s Laurie and Franken have disclosed the dongle’s vulnerability to Square several months ago and Laurie reassured those present at Black Hat that there’s no risk to people using Square. Franken claimed that Square is in the process of issuing new dongles that encrypt the data.

Add to Favorites:

Related News:

Best Buy Gets Chase Pay

By Dar Dowling, Posted: September 30, 2016

Best Buy carries everything from smartphones and TVs to computers and cameras – and now people who shop with them will be able to use Chase Pay when shopping online. Continue reading
Financial Optimism is Up, But So is Income Stress

By Dar Dowling, Posted: September 29, 2016

Are you feeling more hopeful, yet are still a bit worried about whether or not you're making enough money? Continue reading
MasterCard Send Makes a Splash

By Dar Dowling, Posted: September 28, 2016

MasterCard and Stripe have teamed up so that U.S. sellers using Stripe marketplaces, like Postmates, Instacart and iCracked, can opt to make instant payouts via the Stripe interface, using MasterCard Send. Continue reading
Get the latest news, articles and expert advice delivered to your inbox. It's FREE.
Get 0% Intro APR on Balance Transfers and Purchases for 21 months. After that, the APR will be 12.24%-22.24% based upon your creditworthiness.
For Excellent/Good Credit
1% cash back on select purchases, terms apply
For Fair Credit
Guaranteed $500 Unsecured Credit Limit
For Bad Credit