Information Security News mailing list archives
Aloha point-of-sale terminal, sold on eBay, yields security surprises
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Jul 2014 08:55:12 +0000 (UTC)
http://news.techworld.com/security/3531445/aloha-point-of-sale-terminal-sold-on-ebay-yields-security-surprises/ By Jeremy Kirk Techworld.com 18 July 2014Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal -- a brand of computerized cash register widely used in the hospitality industry -- on eBay for US$200.
Oh found an eye-opening mix of default passwords, at least one security flaw and a leftover database containing the names, addresses, Social Security numbers and phone numbers of employees who had access to the system.
His findings have received a fair amount of attention due to the role of such systems in high-profile data breaches at retailers including Target, Neiman Marcus and Michaels.
"What we found was that the overall state of security of the system was very poor," he wrote in a blog post describing his analysis.
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- Aloha point-of-sale terminal, sold on eBay, yields security surprises InfoSec News (Jul 18)