How to find PAX point-of-sale devices

|
Updated

Latest PAX Technologies vulnerability #

PAX Technologies, a China-based company that manufactures a LOT of point-of-sale (POS) terminal devices, has been in the news this week following an FBI raid of a PAX Florida facility. While the FBI didn't officially confirm much beyond serving a court-authorized search, a Krebs on Security post surfaces some serious security concerns around PAX device use in cybercrime attack operations. Specifically, that some PAX devices are being used in command-and-control (C2) operations during attacks and for hosting malware files. PAX has denied any knowledge of or involvement related to criminal activities involving its products (and point-of-sale devices and systems are well-known to be common targets for cybercriminals). Regardless, some large payment processors, such as Worldpay, started replacing their PAX point-of-sale terminals earlier this month after receiving inadequate explanation from PAX around traffic originating from their devices to websites that were not listed in PAX documentation.

PAX Technologies has not yet released any security advisories or other guidance related to these security concerns involving their point-of-sale terminals.

Finding PAX point-of-sale devices with Rumble #

Most PAX point-of-sale devices don't offer up any open UDP or TCP ports, which limits the datapoints we have for fingerprinting or identifying those assets. However, we can leverage the MAC address OUI (organizationally unique identifier) to identify PAX-manufactured devices. From the Asset Inventory, use the following pre-built query to locate PAX point-of-sale assets in your network:

mac_vendor:"PAX Computer Technology"
Find PAX point-of-sale devices

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Written by Pearce Barry

More about Pearce Barry
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Rapid Response
How to find Cleo Harmony, LexiCom, and VLTransfer installations on your network
Cleo Software has disclosed CVE-2024-50623 affecting installations of Cleo Harmony, VLTransfer, and LexiCom on your network. Here's how to find...
Rapid Response
How to find Cisco NX-OS assets on your network
Cisco has released an advisory for a vulnerability found within their NX-OS software. Here's how to find affected assets.
Rapid Response
How to find Citrix Virtual Apps and Desktops software on your network
Citrix has released an advisory for two vulnerabilities affecting Citrix Virtual Apps and Desktops software.
Rapid Response
How to find FortiManager instances on your network
How to find FortiManager instances on your network using runZero

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved