Explore the world of Point of Sale (POS) and Point of Purchase (POP) system vulnerabilities in this eye-opening conference talk from HITB GSEC 2017. Delve into the methods attackers use to access these critical retail systems, with a focus on SAP POS. Witness a fully operational attack vector demonstration, from initial breach to accessing sensitive data. Learn about the structure of payment processing, communication between cashier workstations and POS servers, and potential vulnerabilities in store manager connections. Discover remote code execution techniques and ways to gain full control of these systems. Examine encryption methods, extra server vulnerabilities, and patches. Gain practical insights into POS security beyond common knowledge, and understand why the retail sector faces the most security incidents related to credit card theft. Be prepared for a new perspective on credit card transactions after this revealing presentation.
Overview
Syllabus
Introduction
Presentation
History
Previous work
Structure of payment processing
How did we choose POS system
Processing
Demo
Demonstration
Communication between cashier workstation and POS server
Demonstration of the possibilities
Store Manager Connection
Whats Next
Scheme Of Attack
Remote Code Execution
Full Control
Full Demo
Encryption
Extra Server
Extra Server Patch
Micros
Taught by
Hack In The Box Security Conference
