Aloha point-of-sale terminal, sold on eBay, yields security surprises

Breaches involving point of sale (POS) systems in retail stores and the hospitality sector are all-too-common, and Aloha POS has been mentioned on this blog in some past breaches.  Now Jeremy Kirk reports:

Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal — a brand of computerized cash register widely used in the hospitality industry — on eBay for $200.

Oh found an eye-opening mix of default passwords, at least one security flaw and a leftover database containing the names, addresses, Social Security numbers and phone numbers of employees who had access to the system.


“What we found was that the overall state of security of the system was very poor,” he wrote in a blog post describing his analysis.

Read more on Computerworld.

About the author: Dissent

Comments are closed.