
Credit card chip hacks, big rig hijacks due to sloppy security


Credit cards with chips can be hacked, and it’s not because their internal security is faulty. The primary issue is retailers not encrypting the transactions because, golly, that will cost them money. So, they’re leaving the doors open and hoping no one sneaks in. Right. Almost comically, retailers are blaming the new technology, when all they need to do is turn encryption on.

Hackers have succeeded in hijacking big rig accelerators and brakes. They are currently doing it via a dongle plugged into the truck. They say doing this remotely is certainly feasible too because, wait for it, security on these systems is inadequate and, added bonus, many trucks use the same communications standard.

The problem in both situations is “security” that ranges from crappy to non-existent.

Sigh. The answer for credit card security already exists. Retailers need to implement encryption.

The major machine makers, Verifone and Ingenico, both asserted they offer point-to-point encryption on retailers’ machines — but it’s up to retailers and their partners to turn it on.

Currently, retailers focus on protecting the computer network that supports their payment system. But that leaves the actual conversation between your credit card and the machine in plain text, readable to any hacker who breaks into the system.

It’s a mistake, said Mike Weber, vice president at the IT auditing firm Coalfire. “They’re assuming the environment is okay,” he said. “It’s not.”

What could possibly go wrong with remotely controlled big rigs?
Early this year, one security researcher found thousands of trucks left open to over-the-Internet attacks via an insecure telematics dongle that tracks gas mileage and location. “It’s pretty safe to hypothesize we’re not far off from coming up with remote attacks as well,” says Michigan researcher Yelizaveta Burakova.

The researchers found that developing those attacks was actually easier than with consumer cars, thanks to a common communication standard in the internal networks of most industrial vehicles, from cement mixers to tractor trailers to school buses.
