We're all used to seeing the ubiquitous cash drawer - that steel box, usually under the point-of-sale terminal, which holds the money received from sales - without giving it a second thought. But in recent years, the cash drawer has imploded in complexity into a full-blown appliance: From USB and Bluetooth support to on-board accounting and verification firmware, this innocuous box has quietly turned itself into a central component of the POS.
And unsurprisingly, the security of these devices has not improved in lockstep with their feature set.
In this talk, we will take apart the design and features of a modern cash drawer, and show why these devices are the proverbial chink in the armour of a POS system. We will discuss how we reverse engineered the firmware and the proprietary protocols used by several cash drawer models, and provide the tools for other reversers interested in following up. Finally, we will demonstrate how, by exploiting several security and design vulnerabilities, we can cause cash to disappear without a trace from a targeted business.