Reversing Point-of-Sale Systems: Potential Vulnerabilities in Transactions

This talk will entail discussion of the transactions and potential vulnerabilities in major POS systems. Although the vendor's name will not be mentioned, it is not unlikely that one could guess this. Discussion of the firmware dumps and analysis pulled using device controllers and TSOP/PSOP IC's to ZIF DIP converters will be used for the m68k code portion and a modem man-in-the-middle (mitm) program has been used to capture data in-transit. Both of these will be used to draw final conclusions about the security of POS systems. Some discussion of ATM systems may also take place, as they are in the same vein. Major vulnerabilities, such as call-forwarding (see my 2010 ReCon talk on telephone switches) of the authorization server's number to a modem controlled by the attacker will definitely be discussed.