Skip to main content

If your Point Of Sale Uses Oracle, Update Now

By February 12, 2018June 9th, 2022Technology News

Oracle is currently the third-largest provider of POS (Point of Sale) software on the market today, which means that there’s a fairly good chance you’re using an Oracle POS system.  If you are, there’s trouble ahead.  A recently discovered security flaw could put your system at risk.

Oracle has already identified and patched the security flaw, but there’s a problem.  Since POS systems are deemed “mission critical” by most businesses, System Administrators rarely schedule maintenance for them on fears that an unstable patch or update could cause undue downtime for the company.  Because of that, it will likely be a month or more before the new update finds its way to all 300,000 of the at-risk systems.

As security flaws go, this one is fairly nasty, too, as it allows a hacker to collect configuration files from any vulnerable Micros POS system.  This data can then be used to grant the hacker full, unrestricted access to the POS system,  as well as the database and server it feeds information to.

Most hackers attacking a POS would be content with simply collecting credit card details for resale on the Dark Web However, with this exploit, any sort of malware could be installed to use against the company later.

Even worse, a hacker need not be in close proximity to the device in question.  A carefully crafted HTTP request could trigger the security flaw and open the door.  Of course, if a hacker is in close proximity to the system, then there are many easier ways to infect it.  One only needs to distract the sales clerk long enough to attach a simple Raspberry Pi board equipped to run the exploit code and the damage is done.

The bottom line is, if you use an Oracle POS, make installing the latest security patch a priority.  You’ll be vulnerable until you do.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.