Security Analysis of Smartphone Point-of-Sale Systems

The authors experimentally investigate the security of several Smartphone Point-Of-Sale (POS) systems that consist of a software application combined with an Audio-jack Magnetic Stripe Reader (AMSR). The latter is a small hardware dongle that reads magnetic stripes on payment cards, (sometimes) encrypts the sensitive card data, and transmits the result to the application. Their main technical result is a complete break of a feature-rich AMSR with encryption support. They show how an arbitrary application running on the phone can permanently disable the AMSR, extract the cryptographic keys it uses to protect cardholder data, or gain the privileged access needed to upload new firmware to it.

Resource Details

Provided by: University of California San Francisco
Topic: Security
Format: PDF