
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


Get to the Money: Hacking POS and POP Systems

Dmitry Chastuhin

This paper has been accepted.

It's no secret that where there is money, there are attackers as well. That is why retail is the field with the most security incidents related to credit card theft. In this presentation, we will describe ways an attacker may gain access to Point of Sale (POS) or Point of Purchase (POP) systems. Moreover, we will demonstrate some critical SAP POS vulnerabilities and discuss the security level of modern POS systems.

To demonstrate them, we will use SAP POS, developed by SAP (a major enterprise system developer).
The presentation includes a demonstration of a fully operational attack vector, starting at the beginning of an attack and ending with access to critical data.
Although POS security has been widely covered, we'll use practical examples instead of common truths and blanket statements.

Caution! After the presentation, you won't be able to swipe your credit card at stores as carelessly as you used to.

About Dmitry Chastuhin

Dmitry is a Director of security consulting at ERPScan. He works on SAP security, particularly on Web applications and Java, HANA and Mobile solutions. He has official acknowledgements from SAP for the vulnerabilities he found. He is a contributor to the EAS-SEC project. He has spoken at the following conferences: BlackHat, Hack in the Box, DeepSec, and BruCON.

About Vladimir Egorov

Vladimir is a security researcher at ERPScan. He is an exploit developer and bug hunter.