Fast-Food Chain Sonic Investigates Potentially Large Credit Card Breach

Sonic Drive-In, a fast-food chain with more than 3,500 restaurants across 45 U.S. states, is reportedly investigating a potential security breach on its payment systems that might have exposed millions of credit card.

The company was informed about unusual activity on credit cards used at its locations by its payment processor. The scope of the problem or the number of impacted restaurants is not clear, as the investigation is in its early stages, the company told cybersecurity journalist Brian Krebs, who first reported the breach.

Krebs learned from financial industry sources about recent fraudulent transactions on cards that had previously been used at Sonic. He then managed to confirm with the help of other sources that a stash of 5 million stolen cards that were put up for sale recently on a site called Joker’s Stash included cards used at Sonic.

It’s not clear if the entire stash is from a potential Sonic breach because Krebs’s sources only bought and tested a handful of them. However, the fact that a few random cards from a very large set just happened to have been recently used at Sonic is statistically unusual and could indicate that many of the others might also be from a breach at the restaurant chain.

“At this point, little is known about the breach, but what is known is that login details, passwords, payment information and personally identifiable information magnetically attract hackers,” said Robert W. Capps, vice president of business development at NuData Security. “Like Wendy’s, Target and an alarming number of other major data breaches, the Sonic breach is bound to be a painful reminder that personal data is an irresistible target, no matter how diligent any company’s efforts are in data protection. Until PII data is rendered worthless by advanced authentication such as passive biometrics, consumers will continue to suffer the consequences of industry and legislative inaction.”

However, until we get to the point of widespread biometrics-based authentication like Capps suggests, it would be better if the U.S. banks and merchants would speed up the process of adopting chip-enabled credit cards. This is a decade-old technology in Europe and many other countries from around the world, and while it doesn’t eliminate fraud completely, it does make it harder to clone and abuse cards.

As of March 2017, only around 60 percent of Visa cards in the United States were chip-enabled and only around 45 percent of stores in the country accepted such cards.

300,000 Malicious Android Apps Use Linux DirtyCOW Exploit to Root Phones

Security researchers have found what appears to be the first strain of Android malware that exploits the DirtyCOW Linux privilege escalation vulnerability discovered last year to take over phones.

DirtyCOW (copy-on-write) is a critical race condition in the Linux kernel’s memory subsystem that allows a limited user account to obtain root privileges and take complete control over the system.

Upon its discovery in 2016, it wasn’t initially clear if the flaw affected Android, which is based on the Linux kernel but uses a mechanism called SELinux to enforce stricter security policies. Researchers later showed that the SELinux policies can be bypassed, so Google released a patch for the vulnerability.

The new Android malware that takes advantage of DirtyCOW to “root” phones was dubbed ZNIU by researchers from Trend Micro who found it. It was detected on around 5,000 phones from 40 countries last month, the majority of them being located in China and India, but also the United States, Japan, Canada, Germany and Indonesia.

The Trend Micro researchers initially found 1,200 malicious applications carrying ZNIU that disguised themselves as porn or game apps, among others. These apps were hosted on third-party websites, not on the official Google Play store.

However, their latest findings put the number of malicious ZNIU apps at more than 300,000, of which 140,000 have unique names. Most of the names are randomized and have weird characters and symbols in them, possibly in an attempt to avoid detection.

DirtyCOW is a particularly dangerous flaw because it has existed in the Linux kernel for the past nine years, so it affects all versions of Android except Oreo. Given the version fragmentation in the Android ecosystem and the fact that phones go out of support relatively quickly, there are likely millions of devices out there that have never received a patch for it.

The good news is that the DirtyCOW exploit used by ZNIU only targets devices with 64-bit ARM or x86 CPUs, which somewhat limits the number of devices that can be compromised. For 32-bit devices, the malware attempts to use older exploits that are likely to be patched on a larger number of devices. Google has also told Trend Micro that it can detect the ZNIU malware through its Google Play Protect feature.

Featured eBook
The Complete Guide on Open Source Security

The Complete Guide on Open Source Security

This joint report by Microsoft and WhiteSource discusses the difference in finding & fixing vulnerabilities in open source components opposed to proprietary code, how to grasp the unique challenges of open source security and how to tackle them, as well as how to master the best practices of managing your open source security risks. This ... Read More
WhiteSource

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at lucian@constantinsecurity.com or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

lucian-constantin has 218 posts and counting.See all posts by lucian-constantin

One thought on “Fast-Food Chain Sonic Investigates Potentially Large Credit Card Breach

Comments are closed.