DEF CON 24 - Weston Hecker - Hacking Hotel Keys and Point of Sale Systems
- Published: 16 Oct 2024
- Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guests’ keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer and abusing Magstripe based rewards programs that are used in a variety of environments from retail down to rewards programs in Slot Machines.
11 Years Pen-testing, 12 years’ security research and programming experience. Working for a security company in the Midwest, Weston has recently spoken at DEF CON 22 & 23, Black Hat USA 2016, Enterprise Connect 2016, ISC2-Security Congress, SC-Congress Toronto, HOPE11, BSIDES Boston and over 50 other speaking engagements from telecom regional events to universities on security subject matter. Working with a major university's research project with Department of Homeland Security on 911 emergency systems and attack mitigation. Attended school in Minneapolis, Minnesota. Computer Science and Geophysics. Found several vulnerabilities in very popular software and firmware, including Microsoft, Qualcomm, Samsung, HTC, Verizon.
This was my first Defcon and was in this audience, it was awesome.
Frosty Did you bring your phone/wallet with you? I'd be scared shitless if I were 10 miles close to these guys.
Mr Rustles i heard people just turn the Bluetooth and phone off
I did take my phone and wallet, I put my phone into airplane mode while I was there.
Biggest tip for organization is get the defcon app that allows you to see the schedule of all talks and events. Book way early for events like the shooting range, it'll be full months before the con. Attend the 101 track they give you all the other tips you'll need there. Oh and it runs across 4 days but basically nothing actually happens on day 1 you can get your badge but pretty much everything is closed.
I thought his shirt said "I Love My Wi-Fi"..... XD
that would've been way better
"Where can I find some wifi bro?" "All around the campus" XD (22 Jump Street)
Nick Smith I know, right.....? :D
Andre Daoust I don't think I've seen that Movie before..... :)
I thought it read; "I love my Waifu"
This video is a goldmine of information. Thank you very much, the FAQ in the end was awesome too.
Great content. Tips:
1. Make sure your demo works (and doesn't inject F1 for help each time)
2. SLOW down (But this is a common issue within the hacking community that I've seen...it seems the faster you talk the smarter you think you appear)
3. Echo questions from the audience back before answering
4. Watch word repetition (so, actually, literally)
That being said, I'd probably freeze up on-stage. ;)
His wife makes him wear that t-shirt.
lol yes she does :-)
+weston hecker Are you the guy in this talk?
Yes This was one of the talks from this year
No you haven't. This link is for some game.
Darren Howarth you really visited a link under this video? Hahah
This man is a rebel with a cause. There's a podcast about it, if you don't believe me (Hidden Brain). I have so many positive words to say about this man. Weston, you should probably practice your talks so people believe in you more! But anyone who doesn't know him, trust him. He's a legitimate genius.
as I said on Twitter this is an awesome example of taking someone's work and expanding on it (i.e. Sam's magspoof repurposed) so we can learn more.
I found a similar non-hack a bit more than ten years ago. My fiancée purchased one of those pre-pay credit cards from CardCo that you buy if you don't have a bank or credit card. When you buy gas and do a pay at the pump CardCo authorizes and dings you $100.00 then refunds the difference later. I bought $20.00 in gas knowing that I'd be $80.00 down until my refund. The next day I check to see if I got my refund and found that they refunded MY $80.00 a mere second later AND then refunded the full $100.00 as well. I was scared s#!bless until I recalled that the card was absolutely not connected to ANYONE at all much less me. I figured wow I made $100.00 and told my wife we were going out for dinner.
She questioned where I got the hundred dollars I claimed to have. I told her what happened, she got scared and checked the card on her throw away phone only to tell me we gained $180.00. The reader authorized but NEVER dinged the hundred dollars, but did do the 80 refund then also gave us the 100 cuz the transaction "didn't happen". Wow I found out the next day it did it again. Every time I bought gas at that franchise in that state this happened. The less I bought the more money we got. So I put $3.00 in every day until the tank was full then started having co-workers drive me to jobs saying I'd buy the gas. Made a few grand until one day it stopped. And that was okay.
Sorry CardCo but Karma is a bitch. A big happy beeyach gunning for you CardCo.
One thing - I used to install POS systems. Most retailers will go for the very least expensive hardware. And most of the time there's not much security in the least expensive things. Oh and the other thing - they tend to hold on to that hardware for a VERY long time.
And another vector is the bar code reader attached to many POS systems. They'll accept all sorts of different bar code formats too. All depends on how they were setup. And this particularly more acute with self checkout these days.
Plus you can configure the bar code scanners with the config codes for said Bar code models. Plus most stores will use the same models for all cashier machines
So self checkout, you can checkout and pay, then enter the barcode into configuration mode, before you leave the store, it will leave them clueless on why it's not working 😂😂😂😂
It all depends on data stuffing. 😂😂What do you think the scammer can benefit from?@@deanvangreunen6457
nothing like watching your company install vulnerable POS systems and having nothing you can do about it. still makes me grind my teeth when the next thing i warned about becomes public
Great content, but the presentation was quite disjunctive. I had a hard time following what subject you were talking about. When I did key in, it was great work. Thanks for the talk. Also, laughing during a talk is fine, but be more confident. The nervous chuckle was distracting.
CAN'T FUCKING WAIT FOR ALL THE TALKS
you need to change a couple of components on the mp3 player to impedance match the coil to the speaker/headphone driver output, then you get no burnouts
wouldn't dare digitally piss anybody here, the wifi here must be the most dangerous place on earth, lol
it's too bad the demo didn't go as smooth as it could have, but even so, excellent talk!
My university's cardreaders are just our account numbers... If you swipe it instead of entering text into a field it just types the number.....
So couldn't you use the card reader to inject keystrokes to load the malware via URL?
Yea that's what his demo at the end was going to be but internet at DC sucks.
I'm a security guard and we use this thing called a "toco wand" and we press buttons placed around the post. I'm sure there is a way to spoof this data?
I wondered the same when I was working in security, you can find datasheets for the buttons (called iButtons) if you google "ds1996 ibutton datasheet", I've not looked into it a great deal but the information on their design and operation is pretty widely available so it probably wouldn't be too hard if you know what you're doing.
You can also buy a reader for 30 USD if you want to take the easy route (google "blue dot receptor") but it needs a USB adaptor that costs more than the thing itself, so you're looking at around 60USD, and I'm still not sure about software
What's with the video speed? Video/Audio is in sync, but clearly speed up maybe 1.25x speed.
Great presentation!
Yea i drank a Rockstar before i went on stage I dont think they added any speed.
IT'S HAPPENING! :D
DC24 Talk time!
FINALLY, this is all I have been wanting for weeks.
saaaaaaaaaaaaame
FINALLY!
Well here we go again
As far as I've seen, this local Restaurant where I live still uses Windows XP for their PoS..... :) They should at *LEAST* use Windows 7, if not Linux....... :D
Funny you say that, I was working for MOJ over here in the UK and I was surprised to see that all of the prisons I would work with would use XP. I was let go after I told them it's a massive security risk. They also used to leave the doors to the server room unlocked so if anyone managed to talk their way in to the building they would be fucked.... It's crazy how people don't care about things like this, they always assume it just won't happen to them. FYI don't know if I'm supposed to say this but there is no security checks for IT engineers going in and out of prisons, every now and then we would get calls from engineers that would ask me to call the prison office to let them know they're on site, they could have been anyone, we would have no knowledge of this and neither did the site. We would just get them buzzed in, it was fucked
Paul Badman Wow..... :D Sounds like you worked for some real incompetent people..... :) In the US, we had Enron, who screwed its Employees over *BIG* time....... :\
embedded windows xp is still somewhat supported for additional fee. the cost of replacing that is more than the estimated risk. but that estimation quickly changes when the shit hits the fan.
Sernioum Deoiumnasderi Indeed it does..... :\ I'm just glad I use Linux..... :D I helped a guy switch over to it, and he uses it for his Business now..... ;D
I did restaurant management support for a well known burger outlet, we had VNC access to every POS, they were all running XP embedded. Some of the scripts (.bat) we came up with were very powerful at automating our jobs and getting the manager off the phone in the shortest time possible! I left when nobody could see we should have only been dealing with hardware failure, not software workarounds/manager laziness. The company itself (outsourced) was clueless which didn't help - they bid too low for the contract.
Neat stuff, gotta work on that presentation style though. You said "so" about every 5th word! :)
Unexplained Stories Definitely not the worst Defcon presentation I've seen though.
Great talk ! !
Thanks
Where the hell do you learn all of this?????
My first video of this season :D
I was watching a series on RUclips that showed how to open doors without picking locks. They talked about how the glass doors in California usually had gaps in them that you could push a tool through to unlock it, or how to use cigarette smoke or compressed air to open a door with a sensor. I cannot seem to locate the series now. Anyone know the name of the series, it is similar to Def Con but I only saw one of the vids in the series.
I think you're looking for this, it's what led me to this video: ruclips.net/video/rnmcRTnTNC8/видео.html
It's called "I'll let myself in".
this guy's nickname should be beavis
I know this was 2016, but why not use an arduino, raspberry pi, shit a cheap laptop even & NFC microprocessor instead of a brand new phone for NFC pen testing
NFC enabled phones are much cheaper today so it’s not really an issue but I am sure there were microprocessors fitting with the arduino, USB enabled devices and more than worked with NFC
i've looked at a lot of the hotel key locks and they are not compatible with Samy Kamkar's hotel hack.
Most of them that don't work just require a heavy piece of paper in the slot.
+weston hecker Question do those shirts cost a pair of balls
Lol nope it was just a shout out to the lady that puts up with me :-)
+weston hecker lol just giving you a hard time must be nice to be blessed with a great job and family
lol it you can find a lady who will not get mad when you bring an ATM home keep her lol its all good man.
*Finally here!*
I've run into the refund to the wrong card thing before. i could write a book about the insane POS shit i've seen. fucking POS systems...
what about source of knowledge online content? still waiting :/
I'll get the demo loaded of the driveby attack. It worked in my room before I went off stage :-(
+weston hecker very good talk man
weston hecker
nothing new. the info was pretty obvious for those who worked with this systems and cared to know the guts of *how* it worked.
I think that is a major aspect you point out, not many people care. they do their job and go home, they are not enthusiasts by any means, they are doing what they are doing for job security and $. The shit I've seen people let slide and the fact that many do not update any knowledge besides what a company provides, and I work at lovely AT&T =/ they have their own entire investigation/police unit - yet their security surprisingly sucks
cool, where's your video explaining the fundamentals of the space to a general audience in
What's the actually/literally count?
acrosst
is it me or this video is playing at 1.5x??
its time to feel like neo
man I never knew Hugh Laurie knew so much about hacking
Okay then... switching to cash for EVERYTHING from now on. lol
I'm gonna load the DEMO that Failed DAMN 4g in vegas !!!!
Hey, I was interested in getting started with this. You mention msr103s however I can't seem to find anything with that name online. Is there another name for them?
Try Magnetic Strip Reader instead of msr
"MSR90 USB Magnetic Credit Card Reader Stripe Swipe Magstripe Scanner 3 Tracks Mini Smart Card Reader MSR605 MSR606 Deftun" the MSR 103 product number is vendor specific here is the first one aside from msr605 which is a reader and writer
@@nazerbs MSR 605 is the big read and write so the little ones are 103 model it was a Chinese clone.
You can kind of tell that he isn't disclosing or being obvious with all of the information his research has found. He only touches on some of the things that POS are vulnerable to, and he doesn't go in depth or is putting things in too plain of English, mostly, I think, because he thinks the information would be exploited too easily if it was known..
Enjoyed the talk but honestly every PowerPoint slide with text reads awful lol
PMS i thought by reading the thumbnail he was going to talk about his wife's PMS.
interesting talk
So, uh, yeah. Um, yeah.
So much actually.
A-C-R-O-S-S no T or D anywhere!
low profile piece of 70 lb. paper ...?
70 lb paper is crafting paper its almost cardboard.
you're at hotacking hotel keys
Do Not have a drinking game for the word actually.
Mannerisms come out when people are on stage in front of 4000+ people.
as seen in Mr. Robot
Yea i noticed the square reader and magspoofer set up :-)
i say this with the most upmost respect: you are sick dude!
17:45 I *think* I know what point you intended to make, but... you really missed it
Explain?
tough crowd
He says "heh" way too much xd
this dude is coked out.
!
Nope its just Rockstar Energy
yeah no kidding. dude is talking at 50words per second.
had this thought, but really enjoyed the talk. It seems its just a personality thing LOL
speed
Lol drank two rockstars that morning
so
fiballyyyyyy
10:00
parts from china should be U.S.A
and uh so yeah so and so. yeah. so.
It's nerve-racking on stage in front of 3000-4000 hackers, some of the speaking tics come out.
What's so special about this? He didn't write any drivers or kernel exploits. I doubt he even knows OS design.... Cert kiddies.
I do a lot of exploits. People just don't want to hear talks about single product exploits anymore :-( I loved some of the old raw tech talks on Defcons past. And I did have to reverse a lot of drivers which is harder than making them
Awesome topic, horrible presentation style (speaker seems bored and "above" his crowd), even worse T-Shirt (though I admire the balls one needs to wear that abomination in public). Thanks for the talk anyway. Smart stuff !
Thanks
Great topic. Worst presenter ever. He brags he "does a lot of talks", and yet It's impossible to listen to him with all "uhm actually and yea hehe so basicaly hehe hm uuuhm and yea so". Also, he didn't even bother to credit Samy's work properly. It's MagSpoof, not MagSpoofer.
Thanks for the feedback. It's very stressful for tech guys to talk in front of groups of 5000 experts. My biggest thing with big crowds is making sure I use the proper term which is taxing to do when you're on stage. Thanks for the feedback.
A horribly bad speech! And a very bad presentation!
Always like feedback let a person know how they could do it better.