Friday, August 5, 2011

Mobile Payment Device Square Shows It's Not In Shape Yet

The tech world has been buzzing for the last year about the mobile payment device Square. Its inventor, Jack Dorsey, who also founded Twitter, has been marketing it as a boon for small businesses and independent vendors.



But it could be cyber criminals who profit the most, stealing credit card data from the device's easily hacked audio recognition software. Tech blog Mashable reports:


Adam Laurie and Zac Franken, directors of Aperture Labs, discovered that due to a lack of encryption in the current Square app and free dongle for swiping cards, the mobile payment system can be used to steal credit card information, without even having the physical credit card.

Square works by converting credit card data into an audio file that is then transmitted to the credit card issuer for authorization.

In order to bypass the need to swipe a card, Laurie wrote a simple program — in fewer than 100 lines of code — that enables him and Franken to feed magnetic strip data from stolen cards into a microphone and convert that data into an audio file. Once that is played into the Square device via a $10 stereo cable, the data is sent directly to the Square app for processing.


Through a combination of proprietary knowledge and cutting edge tools and technology sets, Razorpoint helps security-minded organizations repel potentially lethal cyber threats that often elude mainstream network security providers. Contact us today to learn more about our security services.