Categories: Mobile

Mobile payment system Square can be hacked, claims researchers

Square enables smartphone users to process credit card transactions remotely

Two researchers attending the Black Hat security conference yesterday in Las Vegas have demonstrated a simple hacking technique that could allow unscrupulous individuals to purchase items using the mobile payment system Square and stolen credit card data. With this technique, would-be hackers could use stolen credit card data to withdraw funds without the need to be in possession of the physical credit card.

This hacking technique is made possible by the way in which Square works. Square is a mobile payment system that exists as a physical smartphone attachment or dongle and an Android or iOS mobile app. Users pay for goods by swiping their credit card through the Square dongle. The dongle creates a simple audio file containing the user’s credit card data that is then sent to the Square mobile app, processed and authorised by the appropriate credit card issuer. As it stands however, the audio files’ origins are not verified by the app so don’t necessarily have to be generated by the official dongle.

The two researchers, Adam Laurie and Zac Franken, created a simple program themselves that reads magnetic strip data from credit cards which is then converted to an audio file. This audio file can then be played into the Square dongle and the data is sent directly to the Square app for processing. The app does not distinguish between a proper credit card swipe and an audio file played into the device.

In this regard, stolen credit cards data could be stored efficiently in audio files and sold to dubious buyers. The Square app is due to be updated in the near future and will likely patch this vulnerability. Or instead, Square may issue new dongles that encrypt audio file data.

Albizu Garcia

Albizu Garcia is the Co-Founder and CEO of Gain -- a marketing technology company that automates the social media and content publishing workflow for agencies and social media managers, their clients and anyone working in teams.

Recent Posts

With surge in AI-generated code creates security concerns, DeepSources launches trio of autonomous AI agents for DevSecOps 

Autonomous, AI-powered employees are set to begin roaming corporate networks sooner than expected, marking the…

1 day ago

As carcinogenic chemicals from cleaning products hit the headlines, Viking Pure Solutions is protecting employees from harm

Despite the ongoing fight to reduce, reuse and recycle plastics, when it comes to environmental…

1 day ago

Muddy Waters vs. AppLovin: Why Investors Might Be the Real Target

Muddy Waters’ recent short report on AppLovin reads serious. Abuse, violations, an impending takedown. But…

2 days ago

Trump’s Tariff Policy: An Apparent Double Standard for Apple?

Do you know how I knew that Trump would be the 47th President of the…

2 days ago

These travel bloggers have the best tips on how to make the most of your trip to the UK

From Stonehenge to the Tower of London, Buckingham Palace to the Angel of North, there’s…

3 days ago

The science of what we eat: The NYU math grad bringing sustainable olive oil to your kitchen (Brains Byte Back Podcast)

When it comes to what we eat, more of us are asking the right questions:…

5 days ago