The Bad, The Worse, and The Ugly - No Hope for POS Security

Presented at THOTCON 0x6 (2015), May 15, 2015, noon (50 minutes)

This two part presentation provides a detailed overview many of the issues surrounding Point of Sale system security. The first part of this presentation hi-lights those implementation problems that make point of sale systems so very easy to compromise in the first place. This will be done using multiple real world examples and scenarios involving even supposedly "secure" point of sale and cashless payment systems at large restaurant chains, retail environments, grocery chains, and other environments. Once we have established the ease of compromising these systems, and how these implementation issues can subvert even the best security controls on the PoS systems themselves, the focus will shift to malware commonly used in PoS compromises. Using examples found in the wild, the talk will demo certain malware, and discuss analysis of the same.

Presenters:

• Rob Havelt
  Rob Havelt is a director in McGladrey's Security and Privacy services division and the national leader for security testing services. Formerly a bourbon-fueled absurdist, raconteur, and man about town, currently a sardonic workaholic occasionally seeking meaning in the finer things in life. I enjoy lifting, carrying, dragging, and throwing impossibly heavy items, and most of the time, breaking electronic things.

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Point of Sale Voyuer- Threat Actor Attribution Through POS Honeypots
• NorthSec 2017 / Hacking POS PoS Systems
• ToorCon San Diego 16 (2014) / The Bad, the Bad, and the Ugly - Why There's Little Hope for Point of Sale Security