DEF CON 24 - Weston Hecker - Hacking Hotel Keys and Point of Sale Systems

preview_player
Показать описание
Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer and abusing Magstripe based rewards programs that are used a variety of environments from retail down to rewards programs in Slot Machines.

11 Years Pen-testing, 12 years’ security research and programming experience. Working for a security Company in the Midwest Weston has recently Spoken at DEF CON 22 & 23, Black Hat USA 2016, Enterprise Connect 2016 ISC2-Security Congress, SC-Congress Toronto, HOPE11, BSIDES Boston and over 50 other speaking engagements from telecom Regional events to University’s on security subject matter. Working with A Major University's research project with Department of Homeland Security on 911 emergency systems and attack mitigation. Attended school in Minneapolis Minnesota. Computer Science and Geophysics. Found several vulnerabilities’ in very popular software and firmware. Including Microsoft, Qualcomm, Samsung, HTC, Verizon.
  1. DEFCONConference
  2. def con
  3. defcon
  4. DEF CON 24
  5. Dc24
  6. DC 24
Рекомендации по теме
DEF CON 24 0:44:20

DEF CON 24 - Weston Hecker - Hacking Hotel Keys and Point of Sale Systems

DEF CON 24 0:30:06

DEF CON 24 - Weston Hecker - Hacking Next Gen ATMs From Capture to Cashout

DEF CON 24 0:30:06

DEF CON 24 - Weston Hecker - Hacking Next Gen ATMs From Capture to Cashout

DEF CON 24: 0:45:28

DEF CON 24: Bluetooth Sniffing, Black Badges, DEF CON DarkNet and More! - Hak5 2025

Cheating at poker 0:28:13

Cheating at poker James Bond Style - Defcon 24 (2016)

Hacking cars & 0:05:48

Hacking cars & traffic lights at Def Con - BBC Click

DEF CON 23 0:37:47

DEF CON 23 Conference Weston Hecker Goodbye Memory Scraping Malware

Weston Hecker - 0:24:18

Weston Hecker - PENTESTING How to Get into the Field Explained - DEF CON 27 Hack the Sea Village

DEF CON 25 0:25:20

DEF CON 25 Car Hacking Village - Weston Hecker - Grand Theft Radio Stopping SDR Relay Attacks

DEF CON 25 0:36:29

DEF CON 25 - Weston Hecker - Opt Out or Deauth Trying! AntiTracking Bots & Keystroke Injection

DEF CON 22 0:37:14

DEF CON 22 - Gene Bransfield - Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog

Defcon 21 - 0:41:55

Defcon 21 - Social Engineering: The Gentleman Thief

Nina Kollars - 0:19:55

Nina Kollars - Confessions of an Nespresso Money Mule - DEF CON 27 Conference

DEF CON 23 0:47:34

DEF CON 23 - Robinson and Mitchell - Knocking my neighbors kids cruddy drone offline

DEF CON 25 0:20:33

DEF CON 25 - Dennis Maldonado - Real time RFID Cloning in the Field

DEF CON 21 0:52:09

DEF CON 21 - Mudge - Unexpected Stories From a Hacker Inside the Government

DEF CON 23 0:49:49

DEF CON 23 - Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S

BULLY GETS TAUGHT 0:00:13

BULLY GETS TAUGHT A LESSON!

DEF CON 22 0:42:04

DEF CON 22 - Dr. Philip Polstra - Am I Being Spied On?

When I See 0:00:09

When I See You 🥰 #shorts #shortsfeed #trending

DEF CON 23 0:45:31

DEF CON 23 - Samy Kamkar - Drive it like you Hacked it: New Attacks and Tools to Wireles

Hack All The 0:48:50

Hack All The Things: 20 Devices in 45 Minutes

Defcon 21 - 0:26:52

Defcon 21 - How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers

Defcon 21 - 0:45:20

Defcon 21 - Stalking a City for Fun and Frivolity

Комментарии
Автор

This was my first Defcon and was in this audience, it was awesome.

Frosty-ojhw
Автор

This video is a goldmine of information. Thank you very much, the FAQ in the end was awesome too.

JeffNoel
Автор

I thought his shirt said "I Love My XD

blackneos
Автор

Great content. Tips:
1. Make sure your demo works (and doesn't inject F1 for help each time)
2. SLOW down (But this is a common issue within the hacking community that I've seen...it seems the faster you talk the smarter you think you appear)
3. Echo questions from the audience back before answering
4. Watch word repetition (so, actually, literally)

That being said, I'd probably freeze up on-stage. ;)

MrVNCNVG
Автор

I found a similar non-hack a bit more than Ten years ago. My fiance' purchased on of those pre-pay credit cards from CardCo that u buy if you don't have a bank or credit card. When you buy gas and do a pay at the pump CardCo authorizes and dings you$100.00 then refunds the difference later. I bought $20.00 in gas knowing what I'd be $80.00 down until my refund. The next day I check to see if I got my refund and found that they refunded MY$80.00 a mere second later AND then refunded the full $100.00 as well. I was scared s#!bless until I recalled that the card was absolutely not connected to ANYONE at all much less me. I figured wow I made $100.00 and told my wife we were going out for dinner.
She questioned where I got a the hundred dollars I claimed to have. I told her what happened she got scared and checked the card on her throw away phone only to tell me we gained $180.00. The reader Authorized but NEVER dinged the hundred dollars, but did do the 80 refund then also gave us the 100 cuz the transaction "didn't happen". Wow I found out the next day it did it again. Every time I bought gas at that franchise in that state this happened. The less I bought the more money we got. So I put $3.00 in every day until the tank was full then started having co-workers drive me to jobs saying I'd buy the gas . Made a few grand unit one day it stopped. And that was Okay.
Sorry CardCo but Karma is a bitch. A big happy beeyach gunning for you CardCo.

therugburnz
Автор

as I said on Twitter this is an awesome example of taking someone's work and expanding on it (i.e. Sam's magspoof repurposed) so we can learn more.

murrij
Автор

One thing - I used to install POS systems. Most retailers will go for the very least expensive hardware. And most of the time there's not much security in the least expensive things. Oh and the other thing - they tend to hold on to that hardware for a VERY long time.

And another vector is the bar code reader attached to many POS systems. They'll accept all sorts of different bar code formats too. All depends on how they were setup. And this particularly more acute with self checkout these days.

kds
Автор

My university's cardreaders are just our account numbers... If you swipe it instead of entering text into a field it just types the

NolePTR
Автор

you needs to change a couple of component's on the mp3 player to impedance match the coil to the speaker/headphone driver output, then you get no burnouts

PiezPiedPy
Автор

CAN'T FUCKING WAIT FOR ALL THE TALKS

batmanbob
Автор

Great content, but the presentation was quite disjunctive. I had a hard time following what subject you were talking about. When I did key in, it was great work. Thanks for the talk. Also, laughing during a talk is fine, but be more confident. The nervous chuckle was distracting.

zachhilton
Автор

nothing like watching your company install vulnerable POS systems and having nothing you can do about it. still makes me grind my teeth when the next thing i warned about becomes public

Gunbudder
Автор

its too bad the demo didnt go as smooth as i could have, but even so, excellent talk!

Aftermth
Автор

What's with the video speed? Video/Audio is in sync, but clearly speed up maybe 1.25x speed.
Great presentation!

daverobertson
Автор

So couldn't you use the card reader to inject keystrokes to load the malware via URL?

dspism
Автор

wount dare digitally piss anybody here, the wifi here must be the most dangerous place on earth, lol

ericnyamu
Автор

I'm a security guard and we use this thing called a "toco wand" and we press buttons placed around the post. I'm sure there is a way to spoof this data?

JordanShackelford
Автор

I was watching a series on Youtube that showed how to open doors without picking locks. They talked about how the glass doors in California usually had gaps in them that you could push a tool through to unlock it, or how to use cigarette smoke or compressed air to open a door with a sensor. I cannot seem to locate the series now. Anyone know the name of the series, it is simiar to Def Con but I only saw one of the vids in the series.

IIREHII
Автор

As far as I've seen, this local Restaurant where I live still uses Windows XP for their :) They should at *LEAST* use Windows 7, if not :D

blackneos
Автор

is it me or this video is playing at 1.5x??

MultiMonitorComputer