Explore the vulnerabilities of Pin Pads and Payment Terminals in this 59-minute Black Hat USA 2012 conference talk. Delve into the security risks associated with Payment Applications running on device-specific firmware, focusing on their susceptibility to user input manipulation. Examine the increasing complexity of information handling as Chip and Pin technology replaces magnetic stripe cards, particularly in relation to the EMV protocol used by major payment smart-cards. Investigate additional attack surfaces introduced by various connection methods such as Ethernet, GPRS, WiFi, and phone lines. Witness demonstrations of memory corruption vulnerabilities in payment terminals and applications, showcasing how these can be exploited to achieve code execution. Discuss potential payloads and their implications for attackers, gaining valuable insights into the security landscape of widely-used payment systems.
Overview
Syllabus
Black Hat USA 2012 - PinPadPwn
Taught by
Black Hat