Information Security News
mailing list archives
Aloha point-of-sale terminal, sold on eBay, yields security surprises
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Jul 2014 08:55:12 +0000 (UTC)
By Jeremy Kirk
18 July 2014
Matt Oh, a senior malware researcher with HP, recently bought a single
Aloha point-of-sale terminal -- a brand of computerized cash register
widely used in the hospitality industry -- on eBay for US$200.
Oh found an eye-opening mix of default passwords, at least one security
flaw and a leftover database containing the names, addresses, Social
Security numbers and phone numbers of employees who had access to the
His findings have received a fair amount of attention due to the role of
such systems in high-profile data breaches at retailers including Target,
Neiman Marcus and Michaels.
"What we found was that the overall state of security of the system was
very poor," he wrote in a blog post describing his analysis.
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
- Aloha point-of-sale terminal, sold on eBay, yields security surprises InfoSec News (Jul 18)