Backdoor ModPipe attacks POS Systems

[Mirko981]

I have read a ESET bulletin about a Backdoor Modpipe attacks POS Systems.

ESET researchers earlier revealed that they have discovered ModPipe, a modular backdoor that gives its operators access to information stored in devices running Oracle Micros Restaurant Enterprise Series (RES) 3700 POS (point-of-sale) – a management software used by bars, restaurants and hotels worldwide.

Do you have more about this??

The link for complete information:

https://infotechlead.com/security/m...running-oracle-micros-res-3700-pos-eset-63844

Regards
Mirko

 

[CathalMF]

Micros RES stores the Micros database user password in the registry in an encrypted way, older versions also stored the DBA password.

This password is decrypted by the Micros POS applications so they can login to the database.

The Modpipe simply allows the user to decrypt these passwords so they can login to this database. Other password decryption tools have been passed around for years and years, including on this forum and the method used to decrypt the password is very easy.

The password is also available through other methods.

Micros RES is not secure and really never has been. But since it rarely stores much or any customer information (except for GSS customers) it doesn't need to be that secure.

I think the biggest issue with it is if attackers got into a large restaurant chain they could pull the financial sales data which may or may not be useful when trading on the stock market.

Specialist in creating custom applications for the Micros POS range: 3700, 9700, Simphony FE, Simphony. SIM Scripts, Data Exports, Simphony extension applications, API Creation and integration. If you need anything please contact me via my website

http://www.microspostools.com/