The Breach Days of August

Here we are, finishing summer in what should be the languor of the dog days, and yet news of more breaches — or at least potential “cracks” in technology that we’d assumed was safer — is insinuating itself in the headlines.

The first of these involves our friend the EMV chip, which we keep suggesting your business updates to, and for, as far as the extra security while processing charges.

Yet nothing is infallible, as news out of the annual Black Hat conference in Las Vegas reminds us.  As CNN Money reports, EMV chip cards also contain the same hackable magnetic strips we’ve always been using, yet EMV machines are “supposed to tell the payment machine to use the chip. But there’s a relatively easy way to knock down that safeguard.

“Computer security researchers at the payment technology company NCR demonstrated how credit card thieves can rewrite the magnetic stripe code to make it appear like a chipless card again. This allows them to keep counterfeiting — just like they did before the nationwide switch to chip cards.”

In other words, hackers can make it seem as if the cards being used were never “EMV’d” at all. But this only seems to be possible “because of the way many retailers are upgrading their payment machines: They’re not encrypting the transaction.”

Meanwhile, though, the main suppliers of EMV POS devices, Verifone and Ingenico, both say they offer point-to-point encryption on their machines, “but it’s up to retailers and their partners to turn it on. Currently, retailers focus on protecting the computer network that support their payment system. But that leaves the actual conversation between your credit card and the machine in plain text, readable to any hacker who breaks into the system.”

Meanwhile, “the conference researchers advised shops to ‘encrypt everything’ in a transaction” as well as suggesting that some customers with mobile payment options on their phones may want to use those.

Except! In this same news cycle comes word that nearly a billion Android portable devices — of the more recent variety — could be vulnerable to their own digital Achilles’ heel. According to Tech Times, “Android smartphone and tablet owners should know that many of their devices are in danger, as a new security vulnerability was detected on devices carrying Qualcomm chipsets.

The panic-worthy security issues run under the name of ‘QuadRooter’ and are able to let hackers hijack a user’s device. The number of affected gadgets reaches the impressive number of 900 million and counts top shelf products from manufacturers such as Google, HTC and Samsung.”

Other “noteworthy flagship phones,” are potentially affected, “such as the HTC One, the BlackBerry Priv, Google’s Nexus 5X and 6P, the OnePlus 3 and a few variants of Samsung’s Galaxy S7 and S7 edge.”

But there is already a scanner you can run available from the Google Store, which will let you know if your device is vulnerable, and point you toward some patches.

Though as the BBC quotes one of the discoverers of the security flaw: “I’m pretty sure you will see these vulnerabilities being used in the next three to four months.”

That will get us long out of August, to Thanksgiving, Christmas, Chanukah, and even a New Year.

Keep your coming holidays happy with a call to your AVPS Rep, for updated security advice, devices, and any other upgrades you may need.

Dog Days always become other days (and are there any “Cat Days” on the seasonal calendar?), and we can help you be ready for whatever they hold.


Tags: , , , ,

No comments yet.

Leave a Reply

You must be logged in to post a comment.