Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Security B-Sides London 2015

3rd of June 2015
ILEC Conference Centre 47 Lillie Road, London, SW6 1UD
View analytic
Wednesday, June 3 • 11:00am - 11:45am
Virtual Terminals, POS Security and becoming a billionaire overnight!

Sign up or log in to save this to your schedule and see who's attending!

Very few people use cash nowadays, as most use a debit or a credit card for their everyday needs. These transactions are performed through a Point-of-Sale (POS) device or through a Virtual Terminal. All the certified POS devices and Virtual Terminal applications, make use of strong encryption and secure communication channels in order to connect to the authorisation servers, and complete the transactions. Equally, in 2014 we saw the evolution of POS-affecting malware, where some large/global organizations like Target, Home Depot, and UPS were targeted by the BlackPOS, FrameworkPOS, and Backoff respectively, ending up in millions of card details being stolen, and millions of customers being affected from identity theft and financial fraud.
Following on the above, during this presentation, a number of features (provided in POS devices as standard functionality) and the ability to misuse them during a transaction will be demonstrated. But the main focus will be on a Threat Modelling engagement, undertaken against Virtual Terminals. More specifically, I will demonstrate the major difference between last year's POS malware targeting Card Holder Data (CHD) and a different approach, which targets the actual money directly. In other words, I will show you how I could have ended up with billions in my account, without having to steal a single card number. Dr. Grigorios Fragkos, follow: @drgfragkos

Speakers
avatar for Grigorios Fragkos

Grigorios Fragkos

Dr. Grigorios Fragkos is Senior Information Security Consultant at Sysnet Global Solutions. Additionally Grigorios leads the SysnetLabs team which is the advanced security services and research team in Sysnet, specialising in penetration testing and security research. He has a number of publications in the area of Computer Security and Computer Forensics with active research in CyberSecurity and CyberDefence. His R&D background in Information... Read More →


Wednesday June 3, 2015 11:00am - 11:45am
b. Track 2