Explore the security vulnerabilities of Mobile Point-of-Sale (mPOS) systems in this Black Hat conference talk. Dive into the weaknesses of leading Chip&Pin payment solutions for mobile devices, uncovering a series of exploitable flaws that allow code execution through various input vectors. Learn about the hardware and software components of mPOS devices, including their internal filesystem and update mechanisms. Witness live demonstrations of multiple attack vectors, with a focus on a malicious credit card capable of deploying a remote root shell on embedded mPOS devices. Examine the implications for small businesses and the broader financial technology sector, and gain insights into potential security improvements for these widely-used payment systems.
Overview
Syllabus
Intro
Agenda
Apple
emboss
transaction fees
Square
Chip and Sign
Chip and PIN
Popular brands
Hardware overview
Interface overview
Internal filesystem
Software updates
Vulnerability demo
Bluetooth
Bluetooth over USB
Bluetooth over Linux
Friendly blue light
EMV
EMV Buffer Overflow
Demonstration
Exploit
Attack
Vendors
Conclusion
Taught by
Black Hat
Related Courses
-
PinPadPwn
-
How Smartcard Payment Systems Fail
-
For the Love of Money - Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
-
Mobile Point of Scam - Attacking the Square Reader
-
A Safer Way to Pay - Comparing the Security & Integrity of 21st Century Payment Systems
-
Breaking Payment Points of Interaction
