POS (Attacks): When Modern Meets Tradition

Rowland Yu, Senior Threat Researcher L2, Sophos

POS malware is notorious software specifically created to steal credit card and debit card information, mainly from point-of-sale systems in retail stores. This kind of attack has been around for over a decade and has been increasing during the past few years. Traditionally, the attack takes aim at machines running operating systems like Windows, Unix, or Linux. However, at the beginning of 2017 a new type of malware appeared on mobile POS based on Android. Although the new malware was simple and did not cause serious damage, it implies that changes have occurred on new POS systems, which bring different attack vectors.

The global mobile POS (mPOS) market size is forecast to hit USD 48.77 billion by 2023, while the Asia Pacific mPOS market share has been over 25% of global revenue. Compared with traditional POS, however, mPOS provides hybrid technology solutions including magnetic stripe, EMV chip and PIN, NFC, QR code and third-party payment apps. Moreover, it always stays online and has multiple connections such as USB, Bluetooth and GPS. However, with flexibility comes risk. Apart from malware, a study shows over 80% of mPOS units in China have security vulnerabilities; another one reveals that 90% of mobile apps have potential risks. In this presentation, we will review the attacks on traditional POS, compare traditional POS with mPOS from a security point of view, and reveal malware and vulnerabilities in mPOS.

Rowland Yu

Rowland Yu is a Senior Threat Researcher Level 2 at Sophos, where he is the primary researcher leading the Android team for malware analysis and emerging threats. He has over 10 years of experience and knowledge in advanced threat research, reverse engineering and remediation, vulnerability assessment, spam and DLP (data leakage protection). Rowland is also a frequent speaker at the RSA, Virus Bulletin and AVAR conferences.