Mission mPOSsible

Explore the security vulnerabilities of Mobile Point-of-Sale (mPOS) systems in this Black Hat conference talk. Dive into the weaknesses of leading Chip&Pin payment solutions for mobile devices, uncovering a series of exploitable flaws that allow code execution through various input vectors. Learn about the hardware and software components of mPOS devices, including their internal filesystem and update mechanisms. Witness live demonstrations of multiple attack vectors, with a focus on a malicious credit card capable of deploying a remote root shell on embedded mPOS devices. Examine the implications for small businesses and the broader financial technology sector, and gain insights into potential security improvements for these widely-used payment systems.

Intro
Agenda
Apple
emboss
transaction fees
Square
Chip and Sign
Chip and PIN
Popular brands
Hardware overview
Interface overview
Internal filesystem
Software updates
Vulnerability demo
Bluetooth
Bluetooth over USB
Bluetooth over Linux
Friendly blue light
EMV
EMV Buffer Overflow
Demonstration
Exploit
Attack
Vendors
Conclusion