Security researchers from Security Research Labs (SRLabs) have discovered a buffer overflow vulnerability in the German Hypercom Artema Hybrid card terminal that allows attackers to take control of the device.
The vulnerability is critical because it doesn't require any physical tampering: attackers can exploit it remotely over a TCP/IP connection.
During an attack, criminals could make a customer believe that a payment transaction is taking place while they read the magnetic stripe data and log the PIN number entered by the customer.
The researchers demonstrated their discovery in a video and to show just how vulnerable the device is, they even installed a version of the popular PONG game on it. They also performed a demonstration on the German ARD TV channel.
The SRLabs researchers informed the manufacturer, VeriFone, of the problem and demonstrated the attack back in March. However, the patching process didn't go as the researchers expected, so they decided to make their findings public, hoping that it would accelerate things, The H-online reports.
Deutsche Kreditwirtschaft, the German banking industry association that handles such issues, emphasises that duplicate cards with copies of magnetic stripes don't work at German cash points because of an anti-counterfeiting measure known as "machine-readable modulated".
Deutsche Kreditwirtschaft said that while duplicate cards with copied magnetic stripes cannot be used at cash points within the country, the stolen data can still be used abroad to cash out bank accounts.
Deutsche Kreditwirtschaft representatives claim that VeriFone promised to roll out software updates for all the affected terminals.
In the meantime, the SRLabs researchers have discovered a further problem that can't be fixed with a software update. The processor's JTAG debug interface is located in such an exposed position that attackers could make contact with it from outside without breaking the housing or the seal.