Remote administration is possibly the biggest source of compromise when it comes to point-of-sale (POS) breaches, and nearly every register has some type of remote administration service, David Byrne, senior security associate with Bishop Fox, said during a session at RSA Conference 2015 in San Francisco.
“In most POS breaches you read about in the news, or perhaps you don't read about in the news, the vulnerabilities that are exploited and cause the breach are relatively simple,” Charles Henderson, VP of Managed Security Testing with Trustwave, said. “They're easily preventable things.”
In some instances it is a matter of poor physical security, such as bad locks and easy access to ports, which gives attackers direct access to the systems. Other times the issue is a lack of updated antivirus software, using symmetric encryption over asymmetric encryption, or using default passwords.
In an example, Henderson said that the default password for all products by one unnamed vendor is ‘166816,' or ‘Z66816,' and has been since 1990. He explained that, when tested, 90 percent of these terminals still have that code.
“If this is your POS password, please change it,” Henderson said.
Henderson and Byrne also talked about how allowing software to be able to run on POS systems only opens the door for devices to be infected with malware, such as Backoff and - more recently - Punkey. Henderson said that looking for malware signatures is a step in the right direction, but he indicated that it is not enough - users need to remain proactive in order to stay ahead of threats.
Some key takeaways: do not store payment card data on registers, enforce strong authentication policies, do not run POS systems as administrator, keep systems patched and antivirus signatures current, and use strong authentication.