At Black Hat: Square Reader To Credit Card Skimmer In 10 Minutes

New submitter arit writes with word that three recent Boston University grads have demonstrated at Black Hat software and hardware attacks on the Square Reader used by many mobile vendors to process credit card transactions. One of the attacks converts a standard reader into an efficient credit card skimmer (conference slides) with very little effort. Always keep Scott Adams' object lesson in mind.

Card Readers are Card Skimmers

We have card readers attached to our pay-for-print release stations. Turns out if you open Notepad on the release station, the card reader instantly becomes a card skimmer, because, well, card readers read cards.

Black Hat for Noobs now?

[Lumpy]

The square reader to skimmer trick has been around for YEARS. Cripes all you had to do was record the audio and send the audio files to your skimmer.

Pretty sad that Black Hat has turned into a n00b conference. Was there also a talk on how you can use keyloggers?

Honestly, is anybody surprised?

[gstoddart]

Did anybody expect us to believe something you plugged into a cell phone speaker jack was actually secure in any sense of the word?

Here's a good rule of thumb: if it's a piece of consumer electronics, or involves your phone ... it's probably got terrible security.

The first time I saw a commercial for that I pretty much said "yeah, I would not trust a vendor who uses one of those".

The damned thing is almost guaranteed to be something which can be exploited. Sadly, just like every other piece of consumer electronics which tries to add network connectivity.

Companies don't care about, don't know about, and aren't accountable for security. Stop trusting that they do.