The Bad, the Bad, and the Ugly - Why There's Little Hope for Point of Sale Security

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, 11:30 a.m. (20 minutes).

Is there any hope for point of sale system security? These systems are a very attractive target for attackers, because, put quite simply, that’s where the money is. This talk will look at PoS security features and how we, as an industry manager to snatch defeat from the jaws of victory due to implementation problems, and just plain bad choices. We will examine some real life scenarios where testing teams managed to subvert PoS security features, sometimes in minutes and the bad controls that allowed this to happen. The second half of this talk will take a look at actual PoS malware recovered from the field and the features that makes it so very effective. Finally we will attempt to answer “Is there a point to trying to secure point of sale, or is it just another perpetual arms race?” by looking at the current landscape and some of the financial motivators in play. Hopefully this talk will provide the audience some new perspectives to the multitude of compromises involving point of sale systems.

Presenters:

• Rob Havelt
  Rob Havelt is a director in McGladrey’s Security and Privacy services division and the national leader for security testing services. Formerly a bourbon-fueled absurdist, raconteur, and man about town, currently a sardonic workaholic occasionally seeking meaning in the finer things in life. I enjoy lifting, carrying, dragging, and throwing impossibly heavy items, and most of the time, breaking electronic things.

Similar Presentations:

• THOTCON 0x6 (2015) / The Bad, The Worse, and The Ugly - No Hope for POS Security
• BSidesLV 2014 / Anatomy of memory scraping, credit card stealing POS malware
• DerbyCon 6.0 Recharge (2016) / Point of Sale Voyuer- Threat Actor Attribution Through POS Honeypots