Anatomy of memory scraping, credit card stealing POS malware

By Amol Sarwate on 27 Jan 2015 at OWASP AppSec California
#reverse-engineering #incident-management #architecture
Focus Areas: 🚨 Incident Response, 🦠 Malware Analysis, 🏗️ Security Architecture

Abstract

Credit card payment processing and point-of-sale (POS) systems are a black box for most people, who have no knowledge of their internal workings. But recent breaches involving thousands of credit cards have shown that determined attackers have not only mastered ways to steal magnetic stripe card data, but have also targeted EMV chip cards.

The session will start by explaining the architecture of different types of POS systems along with their components, operation and integration. This includes the magnetic stripe track data format, the technology behind credit card readers, and point-of-sale hardware and software. A common element in POS attacks is the credit card swipe. Swiping refers to the process by which a card reader reads unencrypted credit card data from the magnetic stripe of the card and communicates it to the POS terminal. I will explain various malware techniques used for exploitation and exfiltration of credit card data. These include RAM scraping, process hooking and injection, keyboard hooks, command-and-control techniques, and the Luhn algorithm. A live demo of a PoC RAM scraping malware and its internal workings will be shown along with an explanation of key concepts. A live demo of a working POS system compromise, based on malware that I created for research purposes, will also be shown. Q&A will follow and conclude the session.

AI Generated Summary

The talk focuses on the anatomy of credit carding point-of-sale (POS) malware, which has been a significant problem in the US, with numerous high-profile breaches in recent years. The speaker presents a detailed analysis of how these attacks work, including the use of RAM scraping malware to steal credit card data from POS systems.

Key findings and techniques presented include the use of magnetic stripe cards, which are still widely used in the US, and the vulnerabilities of POS systems, which can be exploited by malware to steal credit card data. The speaker also discusses the different types of credit cards, including chip-and-PIN cards and NFC-based cards, and how they are more secure than magnetic stripe cards.

The speaker demonstrates a homegrown malware that can scrape credit card data from a POS system, using techniques such as process enumeration, privilege elevation, and memory scanning. The malware uses regular expressions to identify credit card data and the Luhn algorithm to verify the validity of the data.
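The regex-plus-Luhn pairing mentioned above is also how defenders find card data that has leaked where it should not be (application logs, crash dumps, memory images collected during incident response). The following Python is an added example written for this page, not code from the talk or from the speaker's research malware; the sample lines are constructed, and the test numbers (4111111111111111, 5555555555554444) are the publicly known Visa and Mastercard test PANs, not real cards. It shows why the Luhn check matters: a 13-19 digit regex alone flags timestamps and IDs, while Luhn discards most of them, and any true hit is reported in masked form so the scanner itself does not become a second leak.

```python
import re

# Constructed sample input (not from the talk): lines in the style of an
# application log or a strings(1) pass over a memory dump.
SAMPLE_LINES = [
    "order=1234 pan=4111111111111111 status=ok",      # valid test PAN, Luhn passes
    "trace id 4111111111111112 timeout",              # same shape, Luhn fails
    "customer phone 5551234567 card 5555555555554444", # 10-digit phone ignored, PAN hit
    "ts=20150127123456 req served",                   # 14 digits, Luhn rejects it
    "nothing to see here",
]

# Candidate PANs are 13 to 19 digits and must not be part of a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum.

    Walking from the right, every second digit is doubled and reduced to a
    single digit (d - 9 when d > 9); the string is valid when the sum of all
    processed digits is a multiple of 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits (PCI DSS truncation)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(lines):
    """Return (line_number, masked_pan) for each Luhn-valid candidate."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for m in PAN_CANDIDATE.finditer(line):
            candidate = m.group(1)
            if luhn_valid(candidate):
                hits.append((lineno, mask(candidate)))
    return hits


if __name__ == "__main__":
    for lineno, masked in scan(SAMPLE_LINES):
        print(f"line {lineno}: possible PAN {masked}")
```

Run against the constructed input, the scanner reports only lines 1 and 3; the Luhn check silently drops the near-miss on line 2 and the timestamp on line 4. In practice the same logic is pointed at log archives and forensic images, and a hit is treated as a cardholder-data leak to contain, never re-logged in the clear.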

Practical implications and takeaways from the talk include the importance of securing POS systems, using more secure payment technologies such as chip-and-PIN or NFC, and implementing robust security measures to prevent malware attacks. The speaker also highlights the need for organizations to prioritize credit card security and to take steps to protect against these types of attacks. Additionally, the speaker mentions the Ghost vulnerability, a remote code execution vulnerability in the Linux glibc library, which can be used to gain control of a system, and advises Linux administrators to patch their systems.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content. Learn more about our AI experiments.