Here's some more fun out of Vegas, this time involving Jack Dorsey's Square
and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the Black Hat Conference
. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. New hardware
that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.