Aloha point-of-sale terminal, sold on eBay, yields security surprises

Breaches involving point-of-sale (POS) systems in retail stores and the hospitality sector are all too common, and Aloha POS has been mentioned on this blog in some past breaches. Now Jeremy Kirk reports:

Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal — a brand of computerized cash register widely used in the hospitality industry — on eBay for $200.

Oh found an eye-opening mix of default passwords, at least one security flaw and a leftover database containing the names, addresses, Social Security numbers and phone numbers of employees who had access to the system.

[…]

“What we found was that the overall state of security of the system was very poor,” he wrote in a blog post describing his analysis.

Read more on Computerworld.

About the author: Dissent