Apple is not exactly known for offering its wares at huge discounts, so when someone tells you that they were able to pick a new MacBook up for just a dollar, you know something is afoot.
As it turns out, that dollar MacBook is surprisingly possible, so long as you are willing to do a little hacking. ERPScan researchers Dmitry Chastuhin and Vladimir Egorov discovered that the Point of Sale (POS) systems used by some large retailers are amazingly easy to hack, allowing the price of anything available in-store to be altered. In this case, a MacBook.
The hack is made possible by the apparent lack of any form of security preventing anyone with access to a store’s central server from accessing and altering pricing within its databases. The POS, built by SAP and Oracle, simply requires someone to have access to the store’s network in order to wreak havoc. As it turns out, many stores simply have wide open Ethernet ports at unused tills and other areas within them. All the hacker needed to do was set a $25 Raspberry Pi up to access the store’s POS system and make the price adjustment.
The connections between POS workstation and the store server […] [often] lack the basics of cybersecurity – authorization procedures and encryption – and nobody cares about it. So, once an attacker is in the network, he or she gains full control of the system.
Once both Oracle and SAP were made aware of the security flaw, the latter released two patches in an attempt to up their game, so moves are already afoot to prevent this from being exploited. It is also unlikely that anyone would be able to actually make a purchase of something like a MacBook for just a dollar, but if the hackers were to be a little cleverer about their attack, perhaps reducing the price of many items by smaller amounts during a shopping spree, then the savings would likely go unnoticed by the cashier.
You can check out the demo in action in the video below: