Black Hat: Square Credit-Card Reader Hacked!

Neil J. Rubenking - PC Magazine

August 4, 2011 at 5:00 PM

The Square reader makes any iPhone into a credit card reader. Set up an account with Square and you can take credit card payments, and the reader comes free with your account. It's a great thing for craft vendors and other small-scale merchants. And it's perfectly secure… isn't it?

Adam Laurie (also known as Major Malfunction) and Zac Franken of Aperture Labs wondered just how secure such a thing could be. It just uses the earphone jack, after all. So it must be converting the magnetic stripe data into sound. Confirming this was simple enough.

The pair wrote a simple PC-based tool to record the credit card sound and play it back on demand. They bought a $10 cable to connect a laptop to the iPhone. In a small press preview at the Black Hat conference they demonstrated that playing the credit card sound has the same effect as scanning the card with the Square reader. The researchers notified Square in February; Square responded that they see no significant threat.

This hack also allowed them to effectively pull cash from a gift card that officially can't be used for cash. All they had to do was "pay" themselves using the hack software. Laurie pointed out that malefactors can use this technique to directly get money from stolen credit card data, rather than having to purchase goods and resell them.

The hack poses no risk to users of the Square service. Quite the contrary; the risk is to everyone else from Square users misusing the device. This hack won't last forever. A new version of the Square device is in the works.

In addition, this hack doesn't really demonstrate a weakness with Square. The real problem is in the mag stripe concept itself. Using the Square reader simply lets people skim credit card data with no special knowledge or hardware. Now don't you feel secure?

Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
NFL schedule release: Chiefs to host Ravens in 2024 season opener
Chiefs vs. Ravens on Sept. 5 will be a rematch of last season's AFC Championship Game.
Yahoo Sports
NBA Draft Lottery: Hawks get No. 1 pick, despite 3 percent chance of winning
The Atlanta Hawks won the No. 1 overall selection in the NBA Draft Lottery. The Hawks had a 3 percent chance of winning the top pick.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
NBA playoffs: Nuggets stun Timberwolves with Jamal Murray prayer; tie series, reclaim home-court advantage
The champs are back.
Yahoo Sports
Anthony Edwards talks postgame exchange with Jamal Murray: 'We love that, keep talking that'
Edwards is here for the chatter. And he's goading Murray for more.
Yahoo Finance
How rich homebuyers are avoiding high mortgage rates
Homebuyers with means are turning to an old strategy to get around a new crop of high mortgage rates: all-cash deals.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Fantasy Baseball Waiver Wire: A hitter who should be rostered in every league is available in more than half of them
Prep for the final days of Week 6 with Dalton Del Don's latest batch of fantasy baseball waiver wire pickups!
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Autoblog
Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)
Trucks aren't known for being fuel efficient, though times are changing. These are the trucks with the best gas mileage in various segments.
Yahoo Sports
Tight end rankings for fantasy football 2024
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Sports
Wide receiver rankings for 2024 fantasy football
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 NFL season.
Yahoo Sports
Derrick Lewis strips off shorts, moons crowd in St. Louis after KO win over Rodrigo Nascimento
“I appreciate St. Louis for letting me show my naked ass tonight."
Yahoo Finance
Bud Light sales still falling as Modelo, Coors fight to keep their gains
The competition among beer giants is still brewing.
Yahoo Finance
Australian ambassador: 'American model is proving its resilience' despite threat from Chinese industrial policy
China may be outspending the US when it comes to industrial policy in sectors like electric vehicles and semiconductors, but America is winning on innovation where it can’t on price, according to one China expert.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Michael Cohen testifies in Trump hush money case

Black Hat: Square Credit-Card Reader Hacked!

Recommended Stories

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

NFL schedule release: Chiefs to host Ravens in 2024 season opener

NBA Draft Lottery: Hawks get No. 1 pick, despite 3 percent chance of winning

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

NBA playoffs: Nuggets stun Timberwolves with Jamal Murray prayer; tie series, reclaim home-court advantage

Anthony Edwards talks postgame exchange with Jamal Murray: 'We love that, keep talking that'

How rich homebuyers are avoiding high mortgage rates

Here's 1 big investing mistake you are probably still making

The best RBs for 2024 fantasy football, according to our experts

The FDIC change that leaves wealthy bank depositors with less protection

Fantasy Baseball Waiver Wire: A hitter who should be rostered in every league is available in more than half of them

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

The best budgeting apps for 2024

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Tight end rankings for fantasy football 2024

Wide receiver rankings for 2024 fantasy football

Derrick Lewis strips off shorts, moons crowd in St. Louis after KO win over Rodrigo Nascimento

Bud Light sales still falling as Modelo, Coors fight to keep their gains

Australian ambassador: 'American model is proving its resilience' despite threat from Chinese industrial policy