Hackers Turn Square Card Reader into Portable Skimmer
Credit card thieves may now have an easier way to steal card numbers, thanks to a hacking opportunity that was uncovered on the Square portable card reader. The hack essentially turns off the encryption settings on the reader, allowing users to steal the credit card information swiped on the dongle, allowing thieves to then use the card without your permission.
This is scheduled to be demonstrated this week at The Black Hat Security conference taking place in Las Vegas.
This new hack has two sides. In one scenario, a hacker may modify the Square reader to not encrypt information. Square’s official app will not work with a modified reader, but a person can create an app to go along with it. In the second scenario, a hacker can record the signal sent from your card to an unmodified reader so he can make fake swipes long after you’re gone. In either event, your card is vulnerable to identity theft.
Square was quick to respond about the accusations, saying that, “Any card reader on the market can be deconstructed. The chip could be crushed and then reassembled by using the undamaged shell of the reader. At Square, we have processes in place to prevent malicious behavior on damaged readers.”
While the move to EMV credit cards may help eliminate problems like this in the future, recent studies show that nearly half of all major businesses do not have plans in place to switch to chip and PIN. In fact, 42% of small business owners–those who Square actually targets through its program–have no plans for switching to EMV technology at this time. 58% of businesses said the liability risks to come after the deadline “will have limited or no impact on their company’s bottom line.”
Weaknesses like the one discovered on the Square reader will continue to be an issue until the entire country transitions to a more secure credit card solution.