PinPadPwn
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore the vulnerabilities of pin pads and payment terminals in this 57-minute conference talk from the 44CON Information Security Conference. Delve into the complexities of Chip and Pin technology, EMV protocols, and the expanding attack surface of payment devices. Learn about memory corruption vulnerabilities and their potential for code execution on terminals. Examine case studies, witness demonstrations of exploits, and understand the implications for payment security. Gain insights into vendor fixes, device administration, and future security considerations for payment systems.
Syllabus
Intro
Rafael
Payment terminals
Previous attacks
Attack Surface
Research Approach
Common setups
Payment ecosystem
Chippin payments
Chipandpin payments
Smart cards
EMV Lab Doc
First Attempt
Smart Card
Case Studies
Payment Terminal
Network Interface
Memory Dump
Password Check
EMV Buffer Overflow
Demo
Demo Summary
Vendor Fix
Device Overview
Payment Application
Remote Administration
Demonstration
Payment
CashInHide
Future Work
More Updates
Conclusion
Security
Security questions
Taught by
44CON Information Security Conference
Related Courses
Supply Chain Unchained - How To Be A Bad SaaS44CON Information Security Conference via YouTube Aviation Security 101
44CON Information Security Conference via YouTube The Anti-Checklist Manifesto
44CON Information Security Conference via YouTube Why Are We Still Doing Authentication Wrong?
44CON Information Security Conference via YouTube What Do Hackers See When They Look at the Clouds
44CON Information Security Conference via YouTube