Josep Pi Rodriguez, Principal Security Consultant, will present: ‘Contactless Overflow//Code execution over NFC in Points of Sale and Cash Points’ at the next hack::soho this month. Josep will explore the vulnerabilities and provide a demo of how readers can be compromised – using a special IOActive-created Android app, and just tapping an Android phone to the reader.
Further exploring the consequences such as financial impact in the reader’s users/owners and card data once the firmware is compromised. The compromised host’s firmware, connected to the reader via USB, can further be manipulated, chaining stack buffer overflow vulnerabilities in the SDK provided by the vendor that is running in the host machine.
Josep’s research was recently featured in Wired magazine, and we’re excited to host you for this exciting presentation.