Technology

Hackers stole passwords for accessing 140,000 payment terminals – TechCrunch

Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch.

Wiseasy is a brand you may not have heard of, but it is a popular Android-based payment terminal manufacturer used in restaurants, hotels, retail stores, and schools across the Asia-Pacific region. Through its Wisecloud cloud service, Wiseeasy can remotely manage, configure and update customer terminals over the internet.

But passwords belonging to Wiseasy employees used to access Wiseasy’s cloud dashboards – including an “admin” account – were found on a dark web marketplace actively used by cybercriminals, according to the startup.

Youssef Mohamed, chief technology officer at penetration testing and dark web monitoring startup Buguard, told TechCrunch that the passwords were stolen by malware on the employee’s computers. Mohamed said two cloud dashboards were exposed, but none of them were protected with basic security features like two-factor authentication, allowing hackers to access nearly 140,000 Wiseasy payment terminals around the world.

Payment systems are often targeted by financially minded hackers to skim credit card numbers for fraud purposes.

Buguard said it first contacted Wiseasy about the compromised dashboards in early July, but efforts to disclose the compromise were met with meetings with executives, which were later canceled without warning, and according to Mohamed, the company declined to say if or when the cloud dashboards would be backed up.

Screenshots of the dashboards seen by TechCrunch show an “admin” user with remote access to Wiseasy payment terminals, including the ability to lock the device and remotely install and remove apps. The dashboard also allowed anyone to see names, phone numbers, email addresses and access permissions for Wiseasy dashboard users, including the ability to add new users.

Another dashboard view also shows the WiFi name and clear-text password of the network to which payment terminals are connected.

Mohamed said anyone with access to the dashboards can control Wiseasy payment terminals and make configuration changes.

When reached by TechCrunch, Wiseasy Chief Executive Jason Wang declined to comment. In a separate email from Wiseasy spokesperson Ocean An, the company confirmed that the issues have been fixed and that it had added two-factor authentication to the dashboards.

It’s not clear if the company intends to notify its customers about the vulnerability.

https://techcrunch.com/2022/08/01/wiseasy-android-payment-passwords/ Hackers stole passwords for accessing 140,000 payment terminals – TechCrunch

Snopx

Pechip.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@pechip.com. The content will be deleted within 24 hours.

Related Articles

Back to top button