ViVOtech ViVOpay Terminal DoS

On September 16, 2010, in Information Security, by Nathan Hamiel

I didn’t really think this deserved an entire blog post but it was a bit too much for a Twitter post. It never ceases to amaze me that no matter how far software comes, it still has so far to go. You’d think that modern software shouldn’t break so easily. It’s just too easy to break things that are software dependent, even if that software processes credit cards every day and is PCI compliant.

I ran across these ViVOtech ViVOpay 8800 terminals at a local retailer. They look like this:

[Image: ViVOpay 8800 DoS]

I found out that you could create a denial of service condition by performing functions out of order. The DoS is bad enough that it causes the connected computer to require a reboot. There are 4 steps:

  1. Swipe Card
  2. Hit the Ok/Accept soft button
  3. Sign your signature
  4. Hit the Ok/Accept soft button

The payment screen starts to print like it was successful, then locks up (as seen in the picture above). Not sure if it would time out at some point; the clerk I was dealing with didn’t seem to have that much patience. I verified this multiple times and the store was running out of terminals. I figured it was probably better to just pay for my product and leave.

You would think items like this would get caught in QA somewhere, but in a world of rushing products out the door it didn’t get caught. These were newer devices so I am assuming the software is recent but who knows.

It makes you think about other items you use every day and how easily you can make them fail just by modifying usage. Oh well, that’s life in a world run by software.
