Sunday, 4 January 2015

Abertay Ethical Hacking Society run their fourth annual Security Conference: Securi-Tay IV

Securi-Tay [1] is an Information Security conferece held by the Abertay Ethical Hacking Society [2], and supported by the Abertay University in Dundee. The aim of the conference is to provide an opportunity to industry professionals, students and information security enthusiasts to attend and share knowledge and information. This year will be the fourth year the conference is taking place (hence the IV) and it will be held on February 27th, 2015. Personally, I believe this conference offers a fantastic opportunity to students to meet and network with experts in the area of security, share information and have a first glance on how their future in the security industry can be like. 

I was very pleased to get accepted to speak at the conference this year and I am already looking forward to it.
This talk is going to be about something I came across only recently and highlights the security issues of virtual terminals and Point-of-Sale (POS) security. I've had the opportunity to speak about different aspects of my research in POS security in the past year (2014) in a number of occasions (BSides London, BSides Manchester, EMF Camp) but not in combination with Virtual Terminals. More specifically the talk will focus on Virtual Terminal security and how one could become a billionaire over night.

The title and the abstract of my talk for Securi-Tay IV can be found at the conference's website under the talks section [3]. For future reference the talk's title and abstract will be also available below. 

I really hope I have a chance to speak to all of you at the conference and potentially share a drink or two. I really appreciate your interest in this field and I hope my talk will keep you all excited once more. I really believe that anyone who has the opportunity to be at this conference should not miss the chance. We are all going to be there and if you have like five minutes to spare, come and say hi. 

Virtual Terminals and POS Security; How I had the chance to become a billionaire.
Very few people use cash nowadays, as most use a debit or a credit card for their everyday needs. These transactions are performed through a Point-of-Sale (POS) device or through a Virtual Terminal. All the certified POS devices and Virtual Terminal applications, make use of strong encryption and secure communication channels in order to connect to the authorisation servers, and complete the transactions. Equally, in 2014 we saw the evolution of POS-affecting malware, where some large/global organizations like Target, Home Depot, and UPS were targeted by the BlackPOS, FrameworkPOS, and Backoff respectively, ending up in millions of card details being stolen, and millions of customers being affected from identity theft and financial fraud.
Following on the above, during the presentation, a number of features (provided in POS devices as standard functionality) and the ability to misuse them during a transaction will be demonstrated. But the main focus will be on a Threat Modelling engagement, undertaken against Virtual Terminals, to explain how I could have ended up with billions in my account, without having to steal a single card number. Dr. Grigorios Fragkos, follow: @drgfragkos


No comments:

Post a Comment