Dare Devil: Beware Christmas Shoppers!

Next story

ticket_machines

If there’s one thing you want to be 100% secure it’s anything you put your credit card into: Dare Devil throws a huge spanner in those works. Capable of collecting huge amounts of data in a number of varied ways: Dare Devil might be a nasty surprise for potential Christmas shoppers.


d4re,dev1l or Dare Devil specifically targets kiosks and tickets machines that provide point-of-sale (POS) services.

Although not as much of a gold mine as ATM’s they have “many insecure methods of remote administration allowing for infectious payloads” to be delivered to the machine, according to IntelCrawler researchers in this post.

Mark James gives us a run through of POS based malware, Dare Devil and what companies need to do to get on top of the issue.


“Problems mean loss of revenue”


“One of the problems with POS terminals are that they are not kept up to date with the latest operating systems: most often they stick with an operating system that “just works” as stability is often a priority over security.

“If the terminal is working perfectly and not requiring maintenance then the perception could be that there’s no need to update it and possibly introduce problems: after all problems mean loss of revenue.

“The other potential problem is most POS systems have to have a means to remotely connect to manage them. These often involve, not so much default logins but, groups of similar logins and passwords to make life easier for staff when connecting in from outside.

“If there are no procedures for changing these logins on a regular basis, or when staff leave, then this could open up potential attack vectors.”


“Kept up to date”


Mark explains that there is very little that the consumer can do about this except “monitor our financial transactions” and “possibly have separate billing methods for higher risk shopping” in order to minimise the potential impact or having information stolen.

Mark believes that “the owner of the POS will need to ensure they are using the latest operating systems with only the software installed that’s needed to do the job.

“All applications including antivirus will need to be kept up to date and any updates installed as soon as possible.”