How safe is Square? Researchers find a number of holes

Molly McHugh

August 5, 2011 at 2:54 PM

Mobile credit card payment system Square has been on a quick rise. Twitter co-founder Jack Dorsey’s baby has been on the move since this May, since it announced improvements for the product at TechCrunch Disrupt. The ability for consumers to make mobile payments, find Square-accepting retailers, and receive digital receipts solidified Square as viable point of sale software that could be an influential piece in e-commerce evolution.

Consumers are experiencing a lot of changes when it comes to online retail, including a host of benefits: Stored transaction data, ease of use, and constant accessibility just being a handful of the upgrades. But no technology comes without its caveats, and Square is no exception. Cnet reported that at this week’s Black Hat security conference, researchers announced Square can be used to access stolen credit card data.

How thieves could do this is almost so impressive it’s hard to be upset about it. Instead of using the actual card in question, a person could convert magnetic strip data to an audio file using a microphone, then take this and using a stereo cable, they could play it to the Square gadget attached to a smartphone. And there you have it: The ability to go on a shopping spree (of the digital variety only) without a card.

That’s not all. At the moment, Square does not feature hardware encryption or authentication. This enables the device to be used to skim cards for data and then give scammers the ability to make replications. “The dongle [the Square device] is a skimmer. It turns any iPhone into a skimmer… now you need less technical hardware to do it and no technical skills at all,” researcher Adam Laurie said.

The former of the two hacks requires something of a technical mind, but the latter sounds easy for even some of the most electronically-inept to put to use. Skimming card data is the real concern here, as fraudulent merchants on Square have little to no success standing up to its security standards against this type of activity. But why Square’s hardware remains unencrypted remains a mystery, and is leaving a significant security hole in its system.

Major competitor Verifone pointed this concern out earlier this year, which was labeled a smear campaign. Regardless of intentions, it’s a valid point, especially considering the growing use of Square. Square said devices with encryption capabilities are due to be released this summer, but we’re all still waiting.

Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever
Caitlin Clark’s WNBA preseason debut went much like her senior year at Iowa. She hit a bunch of 3s and did so in front of a sold-out crowd.
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
NBA playoffs: Predictions for each second-round series and Game 7 of Cavaliers-Magic
Our NBA staff makes its picks for Knicks-Pacers and every second-round series, plus the only Game 7 of the first round.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
Yahoo Finance
Warren Buffett pays tribute to Charlie Munger on a 'tough day' for shareholders
This year’s Berkshire Hathaway annual shareholder meeting marked a new era for the Oracle of Omaha, Warren Buffett. It’s the investing legend’s first without his right-hand man, Charlie Munger.
Yahoo Sports
Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets
Despite a trip to the Western Conference finals in his first season with the team, the Lakers are now ready to look for a replacement for Darvin Ham.
Yahoo Sports
How to watch the 2024 WNBA preseason tonight: Caitlin Clark’s next Indiana Fever game time, channel and more
The WNBA preseason tips off this Friday. Here's how you can catch Caitlin Clark's first game.
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
Yahoo Life Shopping
Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you
It's inexpensive, but is it effective? Dermatologists' verdict is in — and it's unanimous.
TechCrunch
Acura’s new all-electric SUV proves the most expensive model isn’t always the best
The first electric vehicle I ever drove was a Tesla Roadster in 2011. It was with great anticipation that I slid behind the wheel of the 2025 Acura ZDX Type S. Sure, it's a midsize SUV, but it wears the Type S moniker, a name reserved only for the most fun-to-drive in the Acura stable. On launch, the ZDX will be available in A-Spec and Type S trims -- both of which come equipped with a 102 kWh battery.
Yahoo Sports
Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans
Caitlin Clark fans beware: You never know what the 20-year veteran might say … or do.
Yahoo Sports
Wide receiver rankings for fantasy football 2024
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 NFL season.
Yahoo Sports
Tight end rankings for 2024 fantasy football 2024
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Sports
NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams
There haven't been many punters drafted in the fourth round or higher like Tory Taylor just was. Chicago's No. 1 overall pick welcomed him in unique fashion.
Yahoo Sports
NBA playoffs: Bucks G Patrick Beverley chucks ball at multiple Pacers fans amid elimination
PatBev made the Bucks' playoff exit even uglier.

News

Life

Entertainment

Finance

Sports

New on Yahoo

How safe is Square? Researchers find a number of holes

Recommended Stories

Former NBA guard Darius Morris dies at 33

Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

NBA playoffs: Predictions for each second-round series and Game 7 of Cavaliers-Magic

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

The best RBs for 2024 fantasy football according to our analysts

NFL Draft grades for all 32 teams | Zero Blitz

Warren Buffett pays tribute to Charlie Munger on a 'tough day' for shareholders

Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets

How to watch the 2024 WNBA preseason tonight: Caitlin Clark’s next Indiana Fever game time, channel and more

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

Acura’s new all-electric SUV proves the most expensive model isn’t always the best

Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans

Wide receiver rankings for fantasy football 2024

Tight end rankings for 2024 fantasy football 2024

NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams

NBA playoffs: Bucks G Patrick Beverley chucks ball at multiple Pacers fans amid elimination