Games Installed On Payment Pinpads
Three models of Vodafone payment terminals were owned by researchers presenting at DefCon last week.
According to Wired.com, researchers Rafael Dominguez Vega, a Spanish security researcher and consultant for MWR InfoSecurity, and Nils, a German researcher who is head of research for MWR, purchased the three models of payment terminals on eBay. In addition to adding malicious code, Wired.com reports that the vulnerabilities allow for a fraudulent card transaction to appear to be authorized by the bank, even printing out a receipt to appear that items have been purchased. Two of the terminals use Chip-n-Pin, an anti-fraud measure used outside the US that requires a chip embedded on a card to match a pin typed in by the customer.
Earlier this year, other researchers found that other Vodafone terminals were also vulnerable to attack.
To prove the weaknesses exist, the DefCon researchers Vega and Nils loaded an ASCII racing game on the devices. Watch the video here:
Vodafone told Wired.com that the company is looking into the claims.