Vulnerabilities fixed in PAX POS terminals could be used in fraudulent operations

Positive Technologies recommends that banks install the new firmware versions on PAX S920 and PAX D210 mobile POS terminals.

PAX Technology has fixed three vulnerabilities in PAX S920 and PAX D210 mobile POS terminals discovered by Positive Technologies expert Artem Ivachev. These devices are used to receive payments in restaurants, hotels, transportation and other areas around the world. PAX Technology ranked third in the global POS market in 2019, according to The Nilson Report.

“Vulnerability CVE-2020-28892 (rated 2.5 on the CVSS 3.1 scale) in PAX S920 could have been used by attackers as the final link in a chain of other vulnerabilities,” says Artem Ivachev. “The error was a stack buffer overflow in the pedd service. It made it possible to elevate privileges and gain access to the keystore and protected memory of the device. If it was possible to execute code as an arbitrary user on the system, it allowed running that code with superuser (root) rights.”

The second vulnerability in PAX S920 (CVE-2020-28891, with a CVSS 3.1 score of 3.9) is a signature verification bypass. It could help an attacker who already had the ability to download and run executable files: using this error, it was possible to bypass the integrity check when running dynamically linked executable files.

The third vulnerability was found in the PAX D210 POS terminal (CVE-2020-29044, with a CVSS 3.1 score of 6.2). With physical access to the device over USB, it was possible to execute code with the privileges of the operating system kernel. The error allowed extracting all secret information from the terminal, as well as loading a rootkit into the OS kernel.

“Chains of these and some other vulnerabilities made it possible to intercept user card data (Track 2, PIN), and also allowed sending arbitrary data to the acquiring bank's processing (this required encryption keys, which could be extracted from the terminal),” explained Artem Ivachev.

PAX Technology has released software updates that address these vulnerabilities. To obtain and install the necessary software, you must contact the equipment manufacturer, your bank or service provider.

In 2020, Positive Technologies experts helped to close vulnerabilities in Ingenico Telium 2 and Verifone POS terminals.

The PIN entry device daemon (pedd) is the service responsible for cryptographic operations on payment data in the system.

Based on materials from Positive Technologies.