In third-world economies, cheaper often means more accessible. In recent years, there has been a growing interest in modern mobile wallet solutions that allow you to save money, make transactions, payments, and transfer funds to friends or clients with the help of MPOS devices. These small, durable, and simple devices can be used to read credit card information. However, these solutions have vulnerabilities that can be exploited. In this talk, we will provide real-life examples of money theft, credit card information skimming, Bluetooth communication tampering, and hardware hacking associated with these solutions.

DEF CON (also written as DEFCON, Defcon or DC) is a hacker convention held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames). Contests held during the event are extremely varied, and can range from creating the longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat.

Turning my Virtual Wallet into a skimming device: Mpos solutions.

Conference: Defcon 31

Authors: Dan Borgogno Security engineer @ LATU, Ileana Barrionuevo Security engineer @ NaranjaX

Abstract

Post a comment

Related work

For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems

For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems

BLEEDINGBIT: Your APs Belong to Us