• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Poor security on Aloha system points to industry’s lax treatment of POS terminals

Updated on Jul 21, 2014 by Guest Authors

A malware researcher at HP has revealed quite incidentally a surprising reality on how companies, specifically in the hospitality industry, handle point-of-sale terminals with such weak security treatment even as it is fast becoming the norm for quick payments.

According to the revelation, the Aloha point-of-sale terminal was sold on eBay for $200 and the device still contains data about its previous user, a company involved in the hospitality industry. The terminal has passwords, an un-patched vulnerability, and a used database with names, addresses, Social Security numbers and phone numbers of users that had gained access to the system previously.

Aside from well-meaning buyers, the terminal could have been sold to attackers, who are more than willing to pay hundreds of dollars just for the gamble of finding something in the system that they can turn into profit.

pos-attack

The main problem highlighted by this discovery is the lack of seriousness of the hospitality industry in securing the critical payment method for their company and customers alike, which can only be done by updating their POS terminals. This is obvious as many companies in the hospitality sector still use old systems of POS for their transaction that often lead to data breaches such as what happened to Target recently.

Considering the large number of POS terminals currently in use among industries, not just the hospitality sector, it is unknown how large the volume of vulnerabilities that could be potentially found in those systems. The only thing that is for sure is that their count is great.

Most small businesses also fail to comply with the payment card industry’s standards for data security, which again requires that companies upgrade and modernize their POS systems. This requirement is strictly being implemented by Visa and MasterCard.

Other businesses, in an effort to save costs for expensive POS terminals, turn to eBay to purchase relatively cheaper systems. But the risks posed by second-hand POS terminals, such as the potential that a malware may have been injected into the product or a vulnerability has not been fixed, could not be over-emphasized.

As a matter of security, POS terminals ought to be isolated from the Internet landscape, where all sorts of insecurities and attacks abound. But other companies in the hospitality industry are found to even link the system to public networks, exposing it to malicious attackers who could have the chance to exploit the system to their disadvantage.

Especially alarming is that these terminals run on Windows XP, which no longer receives support for update and security from Microsoft.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

New iDPRT Printers – SP450, SP420, and Zeva 1966 Photo Printer Reviewed

Munbyn P44S Wireless Thermal Label Printer Review

Master & Dynamic MW75 Wireless Headphones Review – Get Lost in the Music

3DMakerPro Mole 3D Scanner Review – Affordable, Portable, and Easy To Use

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • New iDPRT Printers – SP450, SP420, and Zeva 1966 Photo Printer Reviewed
  • Munbyn P44S Wireless Thermal Label Printer Review
  • POLYWOOD Classic Folding Adirondack vs Member’s Mark Adirondack Chair – Which Is Better?
  • BLUETTI’s New Expandable Outdoor Solar Generator AC60 & B80

Copyright © 2023 · All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}