Square Card Reader Hack Turns It Into A Credit Card Data Skimmer
The Square Reader is a credit card payment device that converts mobile devices into payment stations: you swipe a credit card through it and are charged just as you would be by a regular credit card machine. Unfortunately, in spite of its convenience, that may be about to change.
Security researchers have disclosed how they were able to hack the Reader, which is used to turn iPads and iPhones into mobile point-of-sale terminals for merchants, making it capable of stealing credit card information from customers.
“During a valid sale, a malicious merchant or third party can record several extra encrypted swipes of a credit card,” explained the researchers on HackerOne. “Provided the data from extra swipes is not sent to Square’s servers, they can then play these recordings back into the Square Register app at a much later time, even out of order, in order to initiate and complete fraudulent transactions at a later date.”
The credit card data transferred from the Reader to the smartphone it is attached to is protected by encryption. Customers could believe that they are swiping on a regular Square Reader, without the slightest hint that their details are being stolen.
The weakness is that Square’s servers do not validate the device’s transaction count, which means that the card details can be recorded and used at a later time without the company knowing that something is amiss.
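To make the missing check concrete, here is an added example (not Square's code and not taken from the researchers' report) of a server that validates a per-reader transaction counter. It assumes each submitted swipe exposes a reader identifier and a counter that increases with every swipe; the class, field names and reader ID are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class SwipeCounterValidator:
    """Server-side check of a per-reader transaction counter (assumed field)."""
    last_seen: dict = field(default_factory=dict)  # reader_id -> highest counter accepted
    alerts: list = field(default_factory=list)     # (reader_id, counter, reason)

    def check(self, reader_id: str, counter: int) -> str:
        last = self.last_seen.get(reader_id)
        if last is not None and counter <= last:
            # Counter already passed: a recording played back late or out of order.
            self.alerts.append((reader_id, counter, "stale-counter"))
            return "reject"
        verdict = "accept"
        if last is not None and counter > last + 1:
            # Swipes last+1 .. counter-1 were taken but never submitted.
            # Accept this one, but surface the gap so the merchant can be reviewed.
            self.alerts.append((reader_id, counter, "gap"))
            verdict = "accept-flagged"
        self.last_seen[reader_id] = counter
        return verdict


def run_constructed_sequence():
    """Constructed sample: swipes 4 and 5 are recorded, withheld, then replayed."""
    validator = SwipeCounterValidator()
    submitted = [1, 2, 3, 6, 5, 4, 7]  # order in which the server receives counters
    verdicts = [validator.check("READER-EXAMPLE-1", c) for c in submitted]
    return verdicts, validator.alerts


if __name__ == "__main__":
    verdicts, alerts = run_constructed_sequence()
    for verdict in verdicts:
        print(verdict)
    print(alerts)
```

A counter check on its own does not stop a withheld swipe that is submitted before any later swipe from the same reader, which is why the gap alert is recorded alongside the rejection.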
It is not a simple hack to carry out, nor is it easy to use after the event. According to Square, a tampered Reader won’t work with the Square app, and each malicious swipe can be used only once before it vanishes into thin air. However, this may not prevent an enterprising yet wicked retailer from using the vulnerability to obtain your card details.
In short, it is advisable to keep an eye on the app used to carry out the transaction when you shop in more established locations. Also, do not hand over your card if the app looks like a piece of third-party software.