Overview
Explore the security vulnerabilities of iOS-based Mobile Point-of-Sale (POS) systems in this 40-minute conference talk by Mike Park, Managing Consultant at Trustwave SpiderLabs. Delve into the challenges of combining POS and mobile technologies, examining common pitfalls and security risks in rushed iOS solutions. Learn about technological shortcomings, coding mistakes, and platform misunderstandings that lead to insecure applications. Witness a walkthrough of the PiOSon POS demo app, including its functionality, card data handling, and backend communication. Observe a live hacking demonstration featuring jailbreaking, method swizzling, and malware installation to capture track data. Gain insights on improving mobile POS security through better platform understanding, secure card reader selection, and coding best practices. Compare the insecure demo with a safer version, AntidOte POS, and explore potential solutions like Mobile Device Management (MDM) to enhance overall security in mobile POS implementations.
Syllabus
PiOSoned POS - A Case Study in iOS based Mobile Point-of-Sale gone wrong - Mike Park
Taught by
OWASP Foundation