Investor Presentaiton

POS vulnerabilities POS devices are usually based on standard PC architecture, therefore they share many of the following vulnerabilities that increases their risk of compromise: Misconfiguration USB and serial administrative ports Weak BIOS configuration Unnecessary running services Missing patches Insecure default configurations Insufficient audit logging Inappropriate file or share permissions Inappropriate anti-virus and/or firewall configurations Weak password and account policies • • By-passing Security Availability of protected options that are intended only for maintenance and administrative operations Access to "hidden" menu options used for restricted operations on the POS devices Some older POS devices even had a backdoor key sequence that was intended only for the vendor to reset or reconfigure the device in the event that a master passcode is lost. Exploiting Forensic tools POS devices store sensitive information in different kind of storage media, including removable media. • Credit/debit card and transaction data can be extracted from removable media. Larger POS terminals in some cases store data on hard drives that may not be securely deleted. Data can be extracted using forensic analysis software tools freely and widely available on the Internet. 15

View entire presentation