A study on barcode scanners shows that a significant percentage of these devices, manufactured in China, were infected with the Zombie-Zero malware to send customer proprietary information to Chinese vendors.
When my daughter turned 2, she received a toy cash register with a barcode scanner. I am beginning to think it is the safest barcode scanner in the world.
Barcode scanners, magnetic card readers, RFID readers and similar entry devices used in point-of-sale (POS), warehouse and other back-office applications are connected to computer endpoints via USB. Even if the connection is wireless, the receiver is eventually connected to a USB port.
When these entry devices are connected to the host computer, they appear as keyboards, and the host cannot distinguish between them and “normal” keyboards. When a user scans a barcode, swipes a magnetic card or touches an RFID card, the programmed code is sent to the host PC as a series of keystrokes. The host application (e.g., the POS software) then reads these keystrokes.
When entry devices are trustworthy and do not abuse this connection, they work as expected and offer ease of installation, use and maintenance. But many of these devices are NOT TRUSTED and ARE MALICIOUS. They are used by criminals to attack the computing environment. Since the host computer has no way to distinguish between barcode scanners and “normal” keyboards, a malicious device might be used to run scripts that execute misconfiguration attacks, ransomware attacks and many other kinds of “goodies” without even being connected to the internet. It may also run a reverse command shell, allowing a remote command and control channel to the host computer and to the entire computing infrastructure.
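Because every such entry device enumerates as a keyboard, a defender can at least inventory which USB devices on a host are able to type. The following is an added example, not code from the original post or from Sepio: it parses Linux's `/proc/bus/input/devices` format and flags USB keyboard-class devices that are not on an allowlist. The sample text, the vendor/product IDs, the allowlist and the function names are constructed for illustration, and 64-bit key bitmap words are assumed.

```python
import re
# Constructed sample in the /proc/bus/input/devices format; not from a real host.
SAMPLE = """\
I: Bus=0003 Vendor=046d Product=c31c Version=0110
N: Name="Desk Keyboard"
H: Handlers=sysrq kbd event3 leds
B: KEY=1000000000007 ff9f207ac14057ff febeffdfffefffff fffffffffffffffe

I: Bus=0003 Vendor=1234 Product=abcd Version=0110
N: Name="Handheld Barcode Scanner"
H: Handlers=sysrq kbd event7 leds
B: KEY=1000000000007 ff9f207ac14057ff febeffdfffefffff fffffffffffffffe

I: Bus=0003 Vendor=046d Product=c077 Version=0111
N: Name="USB Optical Mouse"
H: Handlers=mouse0 event4
B: KEY=ff0000 0 0 0 0
"""

KEY_A = 30        # Linux input event code for the 'A' key
USB_BUS = "0003"  # bus type reported for USB input devices

def parse_devices(text):
    """Split the listing into per-device dicts (blocks are blank-line separated)."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dev = {"name": "", "handlers": [], "keys": 0}
        for line in block.splitlines():
            tag, _, rest = line.partition(": ")
            if tag == "I":    # Bus=.. Vendor=.. Product=.. Version=..
                dev.update(kv.split("=", 1) for kv in rest.split())
            elif tag == "N":
                dev["name"] = rest.split("=", 1)[1].strip('"')
            elif tag == "H":
                dev["handlers"] = rest.split("=", 1)[1].split()
            elif tag == "B" and rest.startswith("KEY="):
                # Hex words are printed most-significant first (64-bit assumed).
                for i, w in enumerate(reversed(rest[4:].split())):
                    dev["keys"] |= int(w, 16) << (64 * i)
        devices.append(dev)
    return devices

def unapproved_keyboards(text, allowlist):
    """USB devices that can type letters and are not on the allowlist."""
    # VID/PID are self-reported by the device: an inventory check, not proof of trust.
    return [(d["Vendor"], d["Product"], d["name"]) for d in parse_devices(text)
            if d.get("Bus") == USB_BUS and "kbd" in d["handlers"]
            and (d["keys"] >> KEY_A) & 1
            and (d["Vendor"].lower(), d["Product"].lower()) not in allowlist]
```

On a real Linux host the input would be the contents of `/proc/bus/input/devices`; a scanner that copies an approved keyboard's IDs would pass this check, which is why it only serves as an inventory baseline.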
The barcode scanner story is one example of a much broader security problem we face. Most connected peripherals are manufactured by vendors and delivered via unprotected and vulnerable supply chains. They have become a serious cyber threat to our computing infrastructure.
Sepio focuses on securing computer infrastructure against supply chain cyber threats. We deliver solutions to ensure real-world applications are as secure as my daughter’s toy.
Our state-of-the-art USB Cyber Security device secures the host’s USB ports. It ensures a safe connection for different entry devices, preventing network infection by malicious applications.