Security researchers have identified a vulnerability in Point Of Sale (POS) terminals used by a large number of major chains, and hacked it to allow them to buy a MacBook for one dollar …
TNW reports that ERPScan researchers Dmitry Chastuhin and Vladimir Egorov found the hack scarily easy to carry out. The key to it is that point-of-sale terminals developed by SAP and Oracle have no encryption or authorization procedures to prevent the price database being modified from within the store’s own network.
The attack does require physical access to the network, but as they demonstrated, many stores make this ridiculously easy. They found Ethernet ports on unused tills, weighing machines and just generally scattered around the store.
The connections between POS workstation and the store server […] [often] lack the basics of cybersecurity – authorization procedures and encryption – and nobody cares about it. So, once an attacker is in the network, he or she gains full control of the system.
All they needed to do was program a $25 Raspberry Pi to access the backend system for the POS and make the price adjustment. In this case, they changed the price of a MacBook to just $1.
They do note that real-life attacks would have to be a little more subtle. Even the most jaded of till operators would likely realize that an Apple laptop shouldn’t be costing a dollar. But if an attacker were to be a little more modest in their price reductions, and buy a bunch of other stuff at the same time, it could easily pass unnoticed.
They advised Oracle and SAP of their findings, and SAP issued two security patches to block the attack, telling us that customers are advised to apply these immediately.
SAP Product Security Response Team collaborates frequently with research companies like ERPScan to ensure a responsible disclosure of vulnerabilities. All vulnerabilities in question in SAP Point of Sale (POS) Retail Xpress Server have been fixed, and security patches are available for download on the SAP Support Portal. We strongly advise our customers to secure their SAP landscape by applying the available security patches from the SAP Support Portal immediately.
Check out the demo in the (badly-acted) video below.