Overview
Explore the vulnerabilities of PIN pads and payment terminals in this 57-minute conference talk from the 44CON Information Security Conference. Delve into the complexities of Chip and PIN technology, EMV protocols, and the expanding attack surface of payment devices. Learn about memory corruption vulnerabilities and their potential for code execution on terminals. Examine case studies, witness demonstrations of exploits, and understand the implications for payment security. Gain insights into vendor fixes, device administration, and future security considerations for payment systems.
Syllabus
Intro
Rafael
Payment terminals
Previous attacks
Attack Surface
Research Approach
Common setups
Payment ecosystem
Chippin payments
Chip and PIN payments
Smart cards
EMV Lab Doc
First Attempt
Smart Card
Case Studies
Payment Terminal
Network Interface
Memory Dump
Password Check
EMV Buffer Overflow
Demo
Demo Summary
Vendor Fix
Device Overview
Payment Application
Remote Administration
Demonstration
Payment
CashInHide
Future Work
More Updates
Conclusion
Security
Security questions
Taught by
44CON Information Security Conference