Contactless Overflow Code Execution Vulnerabilities in Payment Terminals and ATMs
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Get 20% off all career paths from fullstack to AI
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore groundbreaking security research on NFC payment readers in a 40-minute conference talk from DEF CON 31 that reveals critical code execution vulnerabilities affecting major ATM brands, point-of-sale systems, and payment terminals worldwide. Learn about the technical details of exploitable flaws discovered in application protocol data units (APDU) across multiple vendors including IDtech, Ingenico, Verifone, CPI, BBPOS, Wiseasy, and Nexgo. Witness live demonstrations showing how payment readers can be compromised using a custom Android app through simple NFC tapping, and understand the financial implications of firmware exploitation including card data theft. Dive into advanced attack scenarios involving USB-connected host compromise through SDK vulnerabilities and potential ATM jackpotting methods leveraging IDtech readers. Gain insights from years of ATM security testing experience and learn about the technical feasibility of various attack vectors targeting payment infrastructure.
Syllabus
DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep Rodriguez
Taught by
DEFCONConference