Skip to main content

How safe is Square? Researchers find a number of holes

squareMobile credit card payment system Square has been on a quick rise. Twitter co-founder Jack Dorsey’s baby has been on the move since this May, since it announced improvements for the product at TechCrunch Disrupt. The ability for consumers to make mobile payments, find Square-accepting retailers, and receive digital receipts solidified Square as viable point of sale software that could be an influential piece in e-commerce evolution.

Consumers are experiencing a lot of changes when it comes to online retail, including a host of benefits: Stored transaction data, ease of use, and constant accessibility just being a handful of the upgrades. But no technology comes without its caveats, and Square is no exception. Cnet reported that at this week’s Black Hat security conference, researchers announced Square can be used to access stolen credit card data.

How thieves could do this is almost so impressive it’s hard to be upset about it. Instead of using the actual card in question, a person could convert magnetic strip data to an audio file using a microphone, then take this and using a stereo cable, they could play it to the Square gadget attached to a smartphone. And there you have it: The ability to go on a shopping spree (of the digital variety only) without a card.

That’s not all. At the moment, Square does not feature hardware encryption or authentication. This enables the device to be used to skim cards for data and then give scammers the ability to make replications. “The dongle [the Square device] is a skimmer. It turns any iPhone into a skimmer… now you need less technical hardware to do it and no technical skills at all,” researcher Adam Laurie said.

The former of the two hacks requires something of a technical mind, but the latter sounds easy for even some of the most electronically-inept to put to use. Skimming card data is the real concern here, as fraudulent merchants on Square have little to no success standing up to its security standards against this type of activity. But why Square’s hardware remains unencrypted remains a mystery, and is leaving a significant security hole in its system.

Major competitor Verifone pointed this concern out earlier this year, which was labeled a smear campaign. Regardless of intentions, it’s a valid point, especially considering the growing use of Square. Square said devices with encryption capabilities are due to be released this summer, but we’re all still waiting. 

Molly McHugh
Former Digital Trends Contributor
Before coming to Digital Trends, Molly worked as a freelance writer, occasional photographer, and general technical lackey…
This AI cloned my voice using just three minutes of audio
acapela group voice cloning ad

There's a scene in Mission Impossible 3 that you might recall. In it, our hero Ethan Hunt (Tom Cruise) tackles the movie's villain, holds him at gunpoint, and forces him to read a bizarre series of sentences aloud.

"The pleasure of Busby's company is what I most enjoy," he reluctantly reads. "He put a tack on Miss Yancy's chair, and she called him a horrible boy. At the end of the month, he was flinging two kittens across the width of the room ..."

Read more
Digital Trends’ Top Tech of CES 2023 Awards
Best of CES 2023 Awards Our Top Tech from the Show Feature

Let there be no doubt: CES isn’t just alive in 2023; it’s thriving. Take one glance at the taxi gridlock outside the Las Vegas Convention Center and it’s evident that two quiet COVID years didn’t kill the world’s desire for an overcrowded in-person tech extravaganza -- they just built up a ravenous demand.

From VR to AI, eVTOLs and QD-OLED, the acronyms were flying and fresh technologies populated every corner of the show floor, and even the parking lot. So naturally, we poked, prodded, and tried on everything we could. They weren’t all revolutionary. But they didn’t have to be. We’ve watched enough waves of “game-changing” technologies that never quite arrive to know that sometimes it’s the little tweaks that really count.

Read more
Digital Trends’ Tech For Change CES 2023 Awards
Digital Trends CES 2023 Tech For Change Award Winners Feature

CES is more than just a neon-drenched show-and-tell session for the world’s biggest tech manufacturers. More and more, it’s also a place where companies showcase innovations that could truly make the world a better place — and at CES 2023, this type of tech was on full display. We saw everything from accessibility-minded PS5 controllers to pedal-powered smart desks. But of all the amazing innovations on display this year, these three impressed us the most:

Samsung's Relumino Mode
Across the globe, roughly 300 million people suffer from moderate to severe vision loss, and generally speaking, most TVs don’t take that into account. So in an effort to make television more accessible and enjoyable for those millions of people suffering from impaired vision, Samsung is adding a new picture mode to many of its new TVs.
[CES 2023] Relumino Mode: Innovation for every need | Samsung
Relumino Mode, as it’s called, works by adding a bunch of different visual filters to the picture simultaneously. Outlines of people and objects on screen are highlighted, the contrast and brightness of the overall picture are cranked up, and extra sharpness is applied to everything. The resulting video would likely look strange to people with normal vision, but for folks with low vision, it should look clearer and closer to "normal" than it otherwise would.
Excitingly, since Relumino Mode is ultimately just a clever software trick, this technology could theoretically be pushed out via a software update and installed on millions of existing Samsung TVs -- not just new and recently purchased ones.

Read more