Currently in this country business people have to provide cash registers in order to document their sales. Cash register-apps on smartphones and tablets can also be used.
In a course in the master programme Information Security, students looked for security vulnerabilities in the apps. With the results found, companies that have developed apps can now improve their products.
Alpha to omega of common security vulnerabilities
Four manufacturers of cash register-apps recently cooperated with the study programme Information Security of the UAS St. Pölten. The assignment of the students was to find IT holes in the apps so that the companies could close them.
The students found several: insecure transmission of data by the app, risks in data management in the background, authentication problems or forgotten sensitive data in the code of the app, which could allow unauthorized access to the internal company system. "The alpha to omega of common vulnerabilities was there", said UAS-docent and course lecturer Markus Huber from the department Computer Science and Security.
Transfer of knowledge into practice
As they fulfil the legal regulations, app-based cash register systems will be accepted as are other cash register systems. The companies that have developed these apps provided them to the students for analysis. Based on the results, the companies can now close the security holes which were found.
"The project is an example of practise-oriented instruction at the UAS St. Pölten: current social, technical and economic problems are addressed and incorporated into the classroom", explained Christoph Lang-Muhr, researcher at the Institute for IT Security Research at the UAS St. Pölten and also head of the course.
In the case of cash register-apps: in addition to developing companies, especially small and medium enterprises and associations; that is to say, institutions that want to use these apps because a cash register system is too expensive for them also benefit from the work of the students. Only cash register versions for mobile devices (tablets and smartphones) were examined in the project, no other cash register software or system was examined. The companies taking part were 123Bon, Kassandro, Kassa24 and a company that wanted to remain anonymous.