• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech Guide
  • Home Improvement
  • Gadget & Apps
  • Deals
  • News

Poor security on Aloha system points to industry’s lax treatment of POS terminals

By Guest Authors

A malware researcher at HP has revealed quite incidentally a surprising reality on how companies, specifically in the hospitality industry, handle point-of-sale terminals with such weak security treatment even as it is fast becoming the norm for quick payments.

According to the revelation, the Aloha point-of-sale terminal was sold on eBay for $200 and the device still contains data about its previous user, a company involved in the hospitality industry. The terminal has passwords, an un-patched vulnerability, and a used database with names, addresses, Social Security numbers and phone numbers of users that had gained access to the system previously.

Aside from well-meaning buyers, the terminal could have been sold to attackers, who are more than willing to pay hundreds of dollars just for the gamble of finding something in the system that they can turn into profit.

pos-attack

The main problem highlighted by this discovery is the lack of seriousness of the hospitality industry in securing the critical payment method for their company and customers alike, which can only be done by updating their POS terminals. This is obvious as many companies in the hospitality sector still use old systems of POS for their transaction that often lead to data breaches such as what happened to Target recently.

Considering the large number of POS terminals currently in use among industries, not just the hospitality sector, it is unknown how large the volume of vulnerabilities that could be potentially found in those systems. The only thing that is for sure is that their count is great.

Most small businesses also fail to comply with the payment card industry’s standards for data security, which again requires that companies upgrade and modernize their POS systems. This requirement is strictly being implemented by Visa and MasterCard.

Other businesses, in an effort to save costs for expensive POS terminals, turn to eBay to purchase relatively cheaper systems. But the risks posed by second-hand POS terminals, such as the potential that a malware may have been injected into the product or a vulnerability has not been fixed, could not be over-emphasized.

As a matter of security, POS terminals ought to be isolated from the Internet landscape, where all sorts of insecurities and attacks abound. But other companies in the hospitality industry are found to even link the system to public networks, exposing it to malicious attackers who could have the chance to exploit the system to their disadvantage.

Especially alarming is that these terminals run on Windows XP, which no longer receives support for update and security from Microsoft.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Footer

Sanlaki vs SolidSlime VR Adapter for Eleven Table Tennis on Meta Quest 3

OptiSolex 400W Portable SolarBag Kit Review

MechLands M75 75% Wired-mode Hall Effect Keyboard Review

OneOdio Studio Max 1 DJ Wireless Headphones Review – Ultra-Low Latency Wireless Audio for DJs

Follow TechWalls

YoutubeFacebookXInstagram

Recent Posts

  • Sanlaki vs SolidSlime VR Adapter for Eleven Table Tennis on Meta Quest 3
  • Mother’s Day Deals: pexar Digital Picture Frames on Sale in May
  • Is Roasting Your Own Coffee Cheaper Than Buying Fresh Beans?
  • Wuben G5 EDC Mini Flashlight: A Compact Powerhouse for Everyday Carry

Copyright © 2025 · All Rights Reserved