A recently announced vulnerability of Chip and PIN payment terminals in the UK was predicated on the idea that attackers could somehow remove the devices and then replace them with something identical looking that would swipe information off of shoppers' payment cards. There were a few aspects of the attack that seemed impractical, but perhaps the removal of the machine was not one of them. This week, in Boston, a supermarket chain announced that attackers had stolen data from many of the store's customers by removing and modifying a few credit card readers. How the attackers got the readers to transmit the data back to them is unclear, as the store is remaining tight-lipped on the technical details of the attack. Of course, it now says that it has locked down all of its readers so as to prevent this from happening again. That seems like an obviously good idea; why is it, though, that these measures like these are only taken after a breach?
If you liked this post, you may also be interested in...
- UK Police Target Advertising On Infringing Sites, Opens Door For Scammers And Malware Purveyors
- DHS Interrogates NY Times Reporters At Border, Then Denies Having Any Records About Them
- How Not To Deal With Plagiarism
- AT&T Tells Shareholders To Mind Their Own Business Concerning Its Relationship With The NSA
- TSA Collects Nearly $500,000 In Abandoned Change Per Year And Has No Idea What To Do With It