Security firm Rapid7 recently performed a study that found 114,000 point of sale terminal servers, mostly from Digi International or Lantronix, were configured to let anyone gain access to their underlying systems. A terminal’s server (also referred to as a network access server) makes any equipment with a serial port accessible through the Internet.

The vulnerable systems included industrial control equipment, traffic signal monitors, fuel pumps, retail point of sale terminals and building automation equipment. A hacker scanning the Internet for the serial ports on these devices could easily use a command line program to gain administrative privileges and control the equipment.

Point of Sale – Diagnosing the Problem

The majority of the problem stems from companies failing to set up strong authentication measures. Rather than requiring a strong password, the equipment is left using the manufacturer’s default password – or no password or authentication at all. Manufacturer default passwords, for any electronic not just point of sale terminals, are available in mass online. Anything that connects to internet is vulnerable for hackers, which is why it’s crucial to set a unique password immediately after installation of new equipment.

The problem is an iceberg of massive proportions but to all of our customers in the retail world – we recommend checking your Point Of Sale terminals and working with internal experts as well as product manufacturer’s to ensure security for customers and yourselves. To read the full article click here to visit CSO Online.
Google