So if you have not heard about Square yet, it is a really good idea enabling pretty much everyone the ability to take credit cards. It is a small device (about the size of a headphone splitter) that connects to your smartphone and allows you to swipe cards for payments.
square payment
So these devices have some amazing potential. Imagine not having to carry cash ever again. Want to pay a street vendor? Swipe. Pay your buddy back for beers last night.. Swipe. You get the point.
However, I have some questions about the security of these devices. Sure, we can all scoff at the apparent lack of security people are already doing with these, sense they are uploading 1080p videos of them swiping their cards on youtube (I will let you figure out why 1080p + creditcards + pause + photoshop = disaster for that poor soul)
But I am also curious on the transmission path and residual “noise”. Anyone who has fired up Karmetasploit knows that iphones are pretty easy prey — they love connecting to any wifi spot they come across. I wonder what safeguards are put in place to stop me from “middling” them?
Hey @square guys, send me a couple of squares — I would love to do a free security audit of them. I think you got a great product, I would love to help make it better (secured). Feel free to contact me on twitter!