Vendors skimp on security

Hardware vendors often skimp on providing basic security for products even when it is no real skin off their noses.

Hackers David Byrne and Charles Henderson cited the case of the world’s largest Point of Sale (PoS) systems vendor, which has been slapping the same default password (66816) on its gear since 1990.

As a result, 90 per cent of customers are still using the same password. But Byrne and Henderson said that the outfit is not the only borked sales system.

In this case the only expertise required to carry out a hack is to open a panel using a paperclip – something which has been spotted by low-paid staff with a grudge.

What is even more ironic is that the open password is being carried across to rival vendors as customers who assume their codes are unique switch equipment.

Henderson told the RSA Conference in San Francisco that 166816 is the default password for one of the largest manufacturers of point of sale equipment and has been since at least 1990.

The hackers also slammed nameless vendors for borking cryptography and basic best security practice, splashing the POS badge across their slide decks.

“Vendors claim that running in admin is a requirement but it’s nothing but lies, damn lies. I know why they do it; it’s like Nirvana for them. But if in fact [the PoS system] needs to run as administrator, that’s a good indicator that your vendor doesn’t take security seriously.”

What is strange is that it would not kill the vendors to fix the problem. It is not difficult to come up with new passwords for each machine sold; it is just that they can’t be bothered.