How would malware get into the POS system?
You can’t use a cash register to go surfing on porn.com
Apparently, Target’s POS terminals are networked.
Here’s the analysis of the malware, and from that you can clearly see that the terminal must be running Windows and be capable of connecting to the internet:
Because they all talk to a central computer.
SkyNet is everywhere.
According to the article, they were able to compromise a web server to gain access to the network. From there they could deploy the malicious code to the POS devices and also set up a data collection point on another one of Target's servers. The malicious code on the POS devices would send the credit card data to this collection point as the card was swiped. The bad guys were able to log on to the collection server to gather the data whenever they felt like it.
I’d guess the glory of the network, the POS computers talk to local servers to update inventory and other stuff, those servers talk to WAN servers to meta all that data, and those servers can connect to other server that run basic parts of the network, which in turn are talked to by laptops run by office drones that surf porn at work. Nobody keeps domains separate anymore, creates too much work when the same stuff (like Office apps) are needed in multiple domains, they setup lots of two-way trusts and viruses spread.
POS endpoints have to be connected, otherwise they could now work to verify credit cards. usually such embedded devices have minimal OS and network services so there aren't a lot of weak processes to try to take over. However they probably have a mechanism to upgrade/patch the software on them remotely, and to do that you generally need a port that can push software in. That might be a way the attackers got in.
One trick they use is to send data that's way too big for the buffer (sort of like the "inbox") so that the data overflows into areas of memory it's not supposed to go to. That can crash the system and force a reboot and if you planted bad stuff on it, it will load at the reboot. Really clever hackers can do far more.
Looks like the hackers breached a web server and then logged onto POS servers which control the POS devices. What’s disturbing is that the hackers had a persistent connection and periodically downloaded data.
If it’s on a network, it can be hacked. And recently, it has been alleged that the NSA can hack even an offline machine that had been previously compromised.
If the POS is running on top of a vulnerable Windows OS, all too easy. All it takes is one compromised machine on a network, and it can be used as an attack platform to target other machines that can be exploited. Pretty soon, the attacker 'owns' the place.