Turning my virtual wallet into a skimming device: mPOS solutions

Presented at DEF CON 31 (2023), Aug. 11, 2023, 3:30 p.m. (45 minutes)

In third-world economies, cheaper often means more accessible. In recent years, there has been a growing interest in modern mobile wallet solutions that allow you to save money, make transactions, payments, and transfer funds to friends or clients with the help of MPOS devices. These small, durable, and simple devices can be used to read credit card information. However, these solutions have vulnerabilities that can be exploited. In this talk, we will provide real-life examples of money theft, credit card information skimming, Bluetooth communication tampering, and hardware hacking associated with these solutions.

Presenters:

• Ileana Barrionuevo - Security Researcher at UTN FRC
  Ileana Barrionuevo is a security engineer, security researcher and international speaker with years of experience in Android mobile hacking and web application hacking. Security researcher @Labsis UTN FRC
• Dan Borgogno - Security Engineer at LATU
  Dan Borgogno is a security engineer, backend developer, security researcher and international speaker with years of experience on mobile, hardware, IoT and web application hacking. Security engineer@LATU Seguros.

Links:

• https://forum.defcon.org/node/245744

Similar Presentations:

• THOTCON 0x6 (2015) / Card skimming using a RaspberryPi
• Black Hat USA 2014 / Mission mPOSsible
• ekoparty 14 (2018) / For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems