Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations

Rich Freeman on 7 Mar 2018 12:31:56 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations
Date: Wed, 7 Mar 2018 15:31:49 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=4wvcY3pGZWRebhNiNJLKlzRVsvWU8OvVxD2fJknieTs=; b=jSMya3yI9QbgpYQVlcc+ELboaCR+rughHjZqDNizzSCBAJ3cV2Z+28ja6tMOXYMaV1 QKvIlWQ4ZdwFRQpgwHcwfrz6W2HdpeMo32d7ZR5UFlL8tWG8rZR8B+oZxsrDGs3XP4Zv L8xq0yq4/HHmPDB45+ewv4e9B9kHa6G4u2X1Pd0gvbrJS3wIoD3xS2A36ghirFqMYou8 17J37W/wxDOj+K3jYOWVgECgheVFNpCzi9nkZc3QRvcAfE0xa3ZtFZI4S0OjFZ5CLxQT Q1LecFiTP30SMx0Ha/YxRtBRCnOj41ouzs2o42HhLFmdmaFxFKpaLrEUY81dMLJq1l3U eoXA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Wed, Mar 7, 2018 at 3:17 PM, Walt Mankowski <waltman@pobox.com> wrote:
>>
>> The terminal could display "your total is $100", I could enter my PIN,
>> and then the terminal could send to my card a transaction for $10k
>> with the PIN, get the validation code, and send that to the bank.
>
> I'm confused about whether this is a real problem or one you've
> invented.

Is it really that confusing?  It is a completely theoretical attack.
I never claimed it was happening in the wild.

>> Also, current chip+PIN doesn't provide a solution for online or phone
>> transactions.  Ideally a better solution would address this as well.
>
> Apple Pay supports online payments. Again, I don't know how Android
> Pay works.

I was talking about chip+PIN, not Apple Pay, which is a completely
different system.  I'm not sure how secure it is against attacks from
software on a rooted phone, but other than that it obviously doesn't
rely on an untrusted terminal.

>> It would also eliminate the need for PCI compliance, because the
>> terminal wouldn't need to be secure.  Why we're keying PINs into
>> untrusted terminals in the first place seems like an anachronism.
>
> The Wells Fargo app for my phone has a relatively new feature where it
> gives you a one-time code you enter into the ATM instead of entering
> your card. You still have to enter your PIN, but it's not tied to your
> account number.
>

If they went a step further and had the one time code only show up
AFTER you've entered the desired transaction, and then it appears on
the phone screen, and you've hit the confirm button, that would be
more secure.  Granted, that still doesn't guarantee that the machine
will spit out the authorized amount of cash, but I don't really see a
solution to that one.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations
  - From: JP Vossen <jp@jpsdomain.org>
- Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations
  - From: Walt Mankowski <waltman@pobox.com>
- Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations
  - From: Walt Mankowski <waltman@pobox.com>

Prev by Date: [PLUG] Why were smbmount + smbfs deprecated?
Next by Date: Re: [PLUG] Why were smbmount + smbfs deprecated?
Previous by thread: Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations
Next by thread: [PLUG] Fwd: 7x24 Exchange Meeting at FMC Tower RESCHEDULED for March 13th
Index(es):
- Date
- Thread