The Bad, The Worse, and The Ugly - No Hope for POS Security presented at Thotcon 2015

by Rob Havelt,

Summary : Abstract: This two part presentation provides a detailed overview many of the issues surrounding Point of Sale system security. The first part of this presentation hi-lights those implementation problems that make point of sale systems so very easy to compromise in the first place. This will be done using multiple real world examples and scenarios involving even supposedly "secure" point of sale and cashless payment systems at large restaurant chains, retail environments, grocery chains, and other environments. Once we have established the ease of compromising these systems, and how these implementation issues can subvert even the best security controls on the PoS systems themselves, the focus will shift to malware commonly used in PoS compromises. Using examples found in the wild, the talk will demo certain malware, and discuss analysis of the same.