Backdoor ModPipe attacks POS Systems

Status
Not open for further replies.

Mirko981

Programmer
Jul 28, 2011
31
PE
I have read an ESET bulletin about the ModPipe backdoor, which attacks POS systems.

ESET researchers earlier revealed that they have discovered ModPipe, a modular backdoor that gives its operators access to information stored in devices running Oracle Micros Restaurant Enterprise Series (RES) 3700 POS (point-of-sale) – a management software used by bars, restaurants and hotels worldwide.

Do you have more about this?

The link for complete information:

Regards
Mirko
 
Micros RES stores the Micros database user password in the registry in an encrypted way; older versions also stored the DBA password.

This password is decrypted by the Micros POS applications so they can log in to the database.

ModPipe simply allows the user to decrypt these passwords so they can log in to this database. Other password decryption tools have been passed around for years and years, including on this forum, and the method used to decrypt the password is very easy.

The password is also available through other methods.

Micros RES is not secure and really never has been. But since it rarely stores much or any customer information (except for GSS customers) it doesn't need to be that secure.

I think the biggest issue with it is that if attackers got into a large restaurant chain, they could pull the financial sales data, which may or may not be useful when trading on the stock market.

Specialist in creating custom applications for the Micros POS range: 3700, 9700, Simphony FE, Simphony. SIM Scripts, Data Exports, Simphony extension applications, API Creation and integration. If you need anything please contact me via my website
 