Creative Commons
Administrators of a network of payment terminals had their passwords stolen. And they hadn’t enabled second factor authentication. Whoops.
It is not because we manage tens of thousands of payment terminals that we are necessarily up to speed on IT security. Example: the company Wiseasy. Not well known to the general public, this Singapore-based start-up offers a payment terminal solution for Android systems and intended for restaurants, hotels, stores, etc. All payment points are connected to the “Wisecloud”, a client-server architecture that makes it easy to manage them remotely. A little too much.
Remote access through the cloud
According to Buguard security researchers, some Wiseasy employees had their passwords stolen through malware. Among them was an administrator account. And since none of these accounts were protected by a second authentication factor, hackers could remotely access more than 140,000 payment terminals, mainly in the Asia-Pacific region.
According to Buguard, this access made it possible to remotely install or uninstall applications on the payment terminal. It was also possible to retrieve the list of users of each terminal – with name, address and telephone number – as well as the password of the Wi-Fi network on which it was connected.
Low responsiveness
Contacted in July by security researchers, Wiseasy was also not very reactive in the management of this incident. Meetings were indeed stalled between Buguard and Wiseasy, but the latter canceled them at the last minute. Asked by TechCrunch, the company finally confirmed that the flaw is closed and that two-factor authentication is now activated. It’s not too soon.
Unfortunately, Wiseasy has released no further technical details. In particular, it is not known if the hackers siphoned off personal data or if they managed to get their hands on bank card data, which is usually the main objective in this kind of case.
Tech Crunch