Reversing Point-of-Sale Systems: Potential Vulnerabilities in Transactions

Presented at REcon 2012, June 15, 2012, 2:30 p.m. (30 minutes)

This talk will entail discussion of the transactions and potential vulnerabilities in major POS systems. Although the vendor's name will not be mentioned, it is not unlikely that one could guess this. Discussion of the firmware dumps and analysis pulled using device controllers and TSOP/PSOP ICs to ZIF DIP converters will be used for the m68k code portion, and a modem man-in-the-middle (MITM) program has been used to capture data in transit. Both of these will be used to draw final conclusions about the security of POS systems. Some discussion of ATM systems may also take place, as they are in the same vein. Major vulnerabilities, such as call-forwarding (see my 2010 ReCon talk on telephone switches) of the authorization server's number to a modem controlled by the attacker will definitely be discussed.

