View Full Version : Robbing a Gas Station: The Hacker Way

06-08-2013, 04:07 PM
Thieves of the future will look back on todayís stick-up artists and have a good old belly laugh. Why would anyone ever rob a cashier with a gun, when all that is needed is a smartphone?

Matt Bergin, a security consultant at Core Security, discovered he could hack a cash register remotely, popping it open, by sending two digits from his smartphone to the service running on the cash registerís point-of-sale system. No gun or holdup note was required. He was able to do so through a vulnerability in Xpient, which makes point-of-sale software that runs on cash drawers.


06-08-2013, 06:24 PM

The insecurity of a new contactles card payment system here has featured on at least two BBC consumer affairs programmes. Understandably they emphasis the ordinary customer being vulnerable, even a person passing a terminal. I expect criminals will be studying what they can gain, but to date the purchase limit is very low (about US$15 IIRC).

Marks & Spencer have equipped their tills with not just card readers but with dual function M&S card readers. They accept contactless cards in the same terminal as normal Chip and PIN transactions. But who decides which card is used to pay? The customer - or the terminal? Many listeners tell us the machine takes the payment from a random contactless card in their wallet before they put their chosen card into the machine.


06-14-2013, 06:58 PM
Welcome to the Cyber-Punk Reality of Today. May I suggest some reading music (http://youtu.be/Vt0q6uflFMU) for this:

A group of hackers and identity thieves has been charged with stealing at least $15 million from 15 financial companies, among them JPMorgan Chase (JPM), Citigroup (C), E*Trade (ETFC), PayPal (EBAY), TIAA-CREF, and TD Ameritrade (AMTD). The perpetrators of the scheme, which operated for nearly two years, were a group of hackers led by two Ukrainian nationals, according to authorities. Eight men have been charged, and four are in custody, reports The LA Times.