Home page logo

isn logo Information Security News mailing list archives

Aloha point-of-sale terminal, sold on eBay, yields security surprises
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Jul 2014 08:55:12 +0000 (UTC)


By Jeremy Kirk
18 July 2014

Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal -- a brand of computerized cash register widely used in the hospitality industry -- on eBay for US$200.

Oh found an eye-opening mix of default passwords, at least one security flaw and a leftover database containing the names, addresses, Social Security numbers and phone numbers of employees who had access to the system.

His findings have received a fair amount of attention due to the role of such systems in high-profile data breaches at retailers including Target, Neiman Marcus and Michaels.

"What we found was that the overall state of security of the system was very poor," he wrote in a blog post describing his analysis.


Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/

  By Date           By Thread  

Current thread:
  • Aloha point-of-sale terminal, sold on eBay, yields security surprises InfoSec News (Jul 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]