Home / Series / Chaos Communication Congress / Aired Order / Season 32 / Episode 31

Shopshifting

Speakers: Karsten Nohl, Fabian Bräunlein, dexter Payment systems are old and have – unlike card protocols – seen little scrutiny so far. This talk enumerates design and implementation flaws in payment processing systems, which can defraud consumers and merchants. Like most embedded devices, payment system elements are potentially vulnerable to a range of attacks. This has not changed in years. What did change, though, is the exposure of these vulnerabilities: Serial interfaces are now exposed via ethernet; proprietary backend protocols are reachable over the Internet TCP, and flaws in real time operating systems are widely known. This talk provides an overview of design issues and implementation vulnerabilities in current payment processing systems, including un-authenticated protocols and insecure hardware implementations, which enable fraud vectors against merchants who operate payment terminals and consumers who use them. Some of them remote and pre-auth ...

English
  • Originally Aired December 27, 2015
  • Runtime 60 minutes
  • Production Code 7368
  • Created September 19, 2017 by
    Administrator admin
  • Modified September 19, 2017 by
    Administrator admin