Exploiting POS bugs on POS systems
Point of sale systems are constantly in the news for being weak targets. The point of sale (POS) terminals market is estimated at USD 46 billion dollars and is expected to reach almost 100 billion by 2022. With so much money constantly moving between our payment industries and bank accounts these attacks will only rise in frequency. While point of sale (POS) systems and are nothing new, the most prevalent attacks on POS systems typically involve weak authentication methods or server misconfigurations. Rarely do we see targeted attacks on underlying software.
In this talk I will walk through POS systems and how they work from the software and hardware perspective. I will also demo some remote code execution point of sale exploits on new model POS system hardware from the largest deployed POS systems in the world. From this we can install rootkits to keep the fun going or even open the cash register remotely. Finally, I will discuss protection mechanisms that POS companies can implement to harden their attack surfaces.