BEGIN:VCALENDAR
PRODID;X-RICAL-TZSOURCE=TZINFO:-//com.denhaven2/NONSGML ri_cal gem//EN
CALSCALE:GREGORIAN
VERSION:2.0
BEGIN:VTIMEZONE
TZID;X-RICAL-TZSOURCE=TZINFO:America/New_York
BEGIN:DAYLIGHT
DTSTART:20150308T020000
RDATE:20150308T020000
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
DTEND;TZID=America/New_York;VALUE=DATE-TIME:20150621T120000
DTSTART;TZID=America/New_York;VALUE=DATE-TIME:20150621T110000
DTSTAMP;VALUE=DATE-TIME:20150530T230226Z
UID:b6f4493c-d490-49b9-9d06-5cd65308ef04@localhost
DESCRIPTION:We're all used to seeing the ubiquitous cash drawer - that st
 eel box\, usually under the point-of-sale terminal\, which holds the mon
 ey received from sales - without giving it a second thought. But in rece
 nt years\, the cash drawer has imploded in complexity into a full-blown 
 appliance: From USB and Bluetooth support to on-board accounting and ver
 ification firmware\, this innocuous box has quietly turned itself into a
  central component of the POS.\n\nAnd unsurprisingly\, the security of t
 hese devices has not improved in lockstep with their feature set.\n\nIn 
 this talk\, we will take apart the design and features of a modern cash 
 drawer\, and show why these devices are the proverbial chink in the armo
 ur of a POS system. We will discuss how we reverse engineered the firmwa
 re and the proprietary protocols used by several cash drawer models\, an
 d provide the tools for other reversers interested in following up. Fina
 lly\, we will demonstrate how\, by exploiting several security and desig
 n vulnerabilities\, we can cause cash to disappear without a trace from 
 a targeted business.
URL:https://recon.cx/2015/schedule/events/43.html
SUMMARY:Pandora's Cash Box: The Ghost Under Your POS
ORGANIZER:recon2015
LOCATION:Grand Salon
END:VEVENT
END:VCALENDAR