- NG Firewall
Solutions by Industry
Solutions by Issue
The fact that the magnetic stripes found on everything from hotel keycards to credit cards are less than ideal in terms of security is not surprising. After all, the mass introduction of EMV chips in payment cards came about particularly because of the vulnerabilities inherent in swiping. However, during DEF CON this year, cybersecurity expert Weston Hecker showed how brute force attacks could be used to guess magnetic stripe information on the fly, which could lead to everything from hotel doors being forced open to malware being inserted into a point-of-sale terminal.
“From field observations, the brute force susceptibility appears to affect most any property management system that uses magstripe key cards, so it’s multi vendor,” Hecker said, according to eSecurity Planet.
Mobile device-based payment systems – think Apple Pay, Google Pay, etc. – are still nascent at the moment but they are rising in popularity. But, some of the features within mobile wallets are not as secure as they could be. During the conference this year, a hacker showed how it’s theoretically possible for someone to make up a fake token for Samsung Pay or intercept the unique identifiers belonging to someone else and then use it for purchases.
“If an attacker analyses the tokens very carefully, he/she could implement a guessing method,” said hacker Salvador Mendoza, according to ITProPortal.
But, Samsung refuted the findings as not significant. In particular, the device manufacturer noted that the distance needed to intercept a token makes it incredibly hard to pull off, and that making up a token that can be accepted is far from an easy feat.
As this year’s DEF CON illustrated, exploiting the IoT is becoming far more common. With the IoT rising in popularity, cybercriminals are increasingly seeking to exploit it. For those looking to adopt IoT devices, security and privacy must remain core concerns.
See what Untangle announced at DEF CON 24: