Malware on POS
I was reading an article about a retailer having a data breach due to malware running on their POS machine. I have what is probably a dumb question but I'll ask anyway. How does malware get installed on a POS machine? I have limited experience in the retail space, but I have done a few consulting gigs. From what I've seen, the POS systems were running an embedded version of Windows XP, which I know is no longer supported and could easily be a vulnerability. My confusion is how malware would get installed to begin with. I wouldn't think these POS machines would need internet access.
Comments
Also, while they perhaps don't have internet access, they are usually connected to an internal network, so they can become infected after a first breach.
Finally, I have also seen a guest Wi-Fi that is plugged into the same network as the POS.
- Maybe an employee or someone with access is paid to insert a disk or USB.
- Pose as an IT or service person and insert a disk/USB.
I'm sure folks will chime in with other ways.
Yes, absolutely vulnerable. That's exactly what I was wondering. If it's because, say, a desktop or another device got infected and, since they share the same LAN (without segmentation), they then get infected.
Is it also best practice to disable USB ports for flash drives? Most of the POS machines I've seen (not many) are not AD-joined, so GPOs are not an option.
Next: CCNP (R&S and Sec)
Follow my OSCP Thread!
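One way to do what the post above asks about, as an added example that is not from anyone in the thread: blocking USB mass storage on a stand-alone (non-AD-joined) Windows terminal by writing the same USBSTOR registry setting a GPO would push, plus the INF-permission step Microsoft documents in KB 823732 for XP-era systems. It assumes PowerShell 2.0 or later is present on the terminal and is run from an elevated prompt; on a bare XP Embedded image the registry write alone can be done with reg add.

```powershell
# Added example (not from the thread): enforce and audit a "no USB disks"
# setting on a stand-alone Windows POS terminal without Active Directory.
# Assumes the built-in USBSTOR driver and an elevated PowerShell 2.0+ session.

$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageState {
    # Start = 3: driver loads on demand, USB disks work.
    # Start = 4: service disabled, already-known USB disks are ignored.
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start).Start
    if ($start -eq 4) { 'Disabled' } else { 'Enabled' }
}

function Disable-UsbStorage {
    # 1. Disable the driver for devices Windows has already seen.
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord

    # 2. A never-seen device is installed via usbstor.inf/.pnf; denying
    #    access to those files blocks that path too (KB 823732 method).
    foreach ($f in 'usbstor.inf', 'usbstor.pnf') {
        $path = Join-Path $env:SystemRoot "inf\$f"
        if (Test-Path $path) {
            $acl  = Get-Acl $path
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
                        -ArgumentList 'Everyone', 'FullControl', 'Deny'
            $acl.AddAccessRule($rule)
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

function Test-UsbStorageHardening {
    # Returns $true only when both controls are in place; use it as a
    # periodic check since there is no GPO to re-apply the setting.
    $driverOff = (Get-UsbStorageState) -eq 'Disabled'
    $infPath   = Join-Path $env:SystemRoot 'inf\usbstor.inf'
    $infDenied = (Get-Acl $infPath).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and
                       $_.IdentityReference -eq 'Everyone' }
    return ($driverOff -and ($infDenied -ne $null))
}

Disable-UsbStorage
"USBSTOR: $(Get-UsbStorageState); hardened: $(Test-UsbStorageHardening)"
```

This only covers mass-storage devices; USB keyboards and other HID-class devices still enumerate, and it does nothing about the shared-LAN exposure discussed above, so it complements segmentation rather than replacing it.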
POS machine? Or POS system? The cash registers usually connect back to a server that runs Microsoft server software. The touch-screen IBM POS terminals I have experience with didn't have hard drives, but did run an operating system that you could run some updates against. While you would think compromising the server would be ideal, the POS registers don't have anti-virus software, so a compromised POS terminal would escape detection for quite some time.
I'm sorry, when I say POS, I'm referring to the POS register systems that are in the stores. The ones I've seen run something like Windows XP Embedded. I'm pretty sure they had hard drives. I've even seen one place where they had two registers, one of which acted as the "server".
I don't get why they don't run AV.
Working on - RHCE
Also, why should they have internet access if there is no need? Isn't that asking for trouble?
Edit: Also, antivirus products are nowhere near a guarantee that malware won't get through.
Working on - RHCE
I saw you mentioned email. If the email server is internal, that doesn't require internet access. If it's Office 365, it's easy enough to allow that traffic and restrict the rest. Not sure what your second use case was.
AV isn't a guarantee, correct, but I would think it shouldn't be disregarded altogether.
It seems these systems are a real weakness.
Working on - RHCE
I think you're missing my point, but it's okay. I appreciate the responses
Working on - RHCE