I had kind of hoped the Square device encrypted the mag stripe data before sending it to the phone and onto their service (maybe sending the last 4 digits to the phone for confirmation purposes), clearly not.
I guess doing that would make the device to expensive for its target audience.
The Square dongle is free when you sign up to the service so yeah, anything more than the absolute minimum hardware necessary would push up the cost for them significantly.
Square supports Android as well and there are plenty of Android rooting mechanisms out there so this flaw isn't specific to iPhones.
Its interesting that Square insist you allow location services as they mark where you did your transactions on the receipts.
Previous Topic
Index
