Security Analysis of Smartphone Point-of-Sale Systems
Authors:
WesLee Frisby, Benjamin Moench, Benjamin Recht, and Thomas Ristenpart, University of Wisconsin-Madison
Abstract:
We experimentally investigate the security of several smartphone point-of-sale (POS) systems that consist of a software application combined with an audio-jack magnetic stripe reader (AMSR). The latter is a small hardware dongle that reads magnetic stripes on payment cards, (sometimes) encrypts the sensitive card data, and transmits the result to the application. Our main technical result is a complete break of a feature-rich AMSR with encryption support. We show how an arbitrary application running on the phone can permanently disable the AMSR, extract the cryptographic keys it uses to protect cardholder data, or gain the privileged access needed to upload new rmware to it.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {179506,
title = {Security Analysis of Smartphone {Point-of-Sale} Systems},
booktitle = {6th USENIX Workshop on Offensive Technologies (WOOT 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/woot12/workshop-program/presentation/Frisby},
publisher = {USENIX Association},
month = aug
}
title = {Security Analysis of Smartphone {Point-of-Sale} Systems},
booktitle = {6th USENIX Workshop on Offensive Technologies (WOOT 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/woot12/workshop-program/presentation/Frisby},
publisher = {USENIX Association},
month = aug
}
Presentation Audio
- Log in to post comments