Latest in Cardskimmer

Image credit:

Hacks turn Square's reader into a card-stealing machine (updated)

13 Shares
Share
Tweet
Share
Save

Sponsored Links

As helpful as a Square Reader may be for purchases at trendy stores, you'll want to watch out -- in the right circumstances, they can also be used to steal your credit card info. Security researchers have discovered that you can physically disable the encryption the device uses to protect your financial info, turning the Reader into a tiny, portable card skimmer. There's also a way to record the signal created by your card when you swipe its magnetic stripe on an unmodified Reader, which theoretically lets evildoers charge your card without approval.

Square is quick to note that an altered Reader won't work with the official app, and that it's not possible to handle a stored swipe "more than once." However, this assumes that you're paying attention to the apps in use when you're buying goods. An enterprising criminal could develop unofficial software that looks legit, but hides skimming code underneath. While it's not very likely that you'll run into one of these tweaked scanners in the wild, it's worth keeping an eye on your credit card statement if that sketchy shop clerk breaks out a Reader to complete a sale.

Update: Square has responded with a fuller version of its response, and contends that these are issues with card readers as a whole, not just its own technology. It contends that you could reassemble the innards of any reader to trick customers, and that the magnetic stripe decoding issue will affect the wider industry until chip-and-pin (EMV) cards take hold in the US. Read the full statement below.

"This story is about issues with magnetic-stripe credit cards, not Square. In 2015, it should not surprise us that a system using essentially the same technology as cassette tapes is vulnerable. That is why major credit card companies, lenders, and businesses are now embracing new, more secure, authenticated payment technologies. Square is helping to lead the way with our own card readers for chip cards and contactless payments.

"Any card reader on the market can be deconstructed. The chip could be crushed and then reassembled by using the undamaged shell of the reader. At Square, we have processes in place to prevent malicious behavior on damaged readers. Our Square Register software contains a number of security precautions that protect cards that are swiped on unencrypted readers. If our encrypted readers are damaged, they will not work with Square."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
13 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
A fourth 'Matrix' movie is happening

A fourth 'Matrix' movie is happening

View
NASA confirms mission to Jupiter's moon Europa

NASA confirms mission to Jupiter's moon Europa

View
Ford will reportedly make two more electric SUVs by 2023

Ford will reportedly make two more electric SUVs by 2023

View
The dream of flying taxis may not be too far off

The dream of flying taxis may not be too far off

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr