Hacking POS Systems

Explore the world of Point of Sale (PoS) system hacking in this 38-minute conference talk from NorthSec. Dive into the methods attackers use to exploit technical and policy vulnerabilities in credit card fraud schemes. Learn about physical security approaches, kiosk breakouts, and sensitive data extraction techniques. Gain insights from real-life examples, including critical vulnerabilities in Oracle's hotel management platform. Discover topics such as PCI-DSS vs PA-DSS, administrative start-up scripts, accessibility keyboard shortcuts, Microsoft Office macros, and privilege escalation. Examine the risks associated with barcode scanners, magstripe readers, and two-tier architecture. Understand the implications of exposed session logs, database credentials, and remote code execution in Oracle OPERA. Conclude with valuable takeaways to enhance your understanding of PoS system security.

Intro
PCI-DSS vs PA-DSS
Physical Access
Kiosk Breakouts: Administrative Start-up Script
Kiosk Breakouts: Accessibility Keyboard Shortcuts
Kiosk Breakouts: Microsoft Office Macros
Kiosk Breakouts: Context Menu via Internet Explorer
Kiosk Breakouts: Notepad++ Run Prompt
Keyboards with Media Keys
Barcode Scanners as Keyboards
Privilege Escalation
Remarks on Scoping
Getting the Goods
MagStripe Reader "Malware"
MagStripe Reader: Authentication Weakness
Two-tier Architecture and Direct Database Access
Oracle OPERA: Disclosed Vulnerabilities
Oracle OPERA: Exposed Session Logs (#1)
Oracle OPERA: Exposed Database Creds (#2)
Oracle OPERA: Remote Code Execution (#3)
Oracle OPERA: Extracting Sensitive Data
Arbitrary Refunds with URI Schemes
Takeaways