Borja Berástegui – Handware hacking – Si hay un ‘input’, hay peligro [Rooted CON 2014]
-
Upload
rootedcon -
Category
Technology
-
view
325 -
download
4
description
Transcript of Borja Berástegui – Handware hacking – Si hay un ‘input’, hay peligro [Rooted CON 2014]
1Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
“Handware Hacking”
If there is an input, there is danger
@BBerastegui
2Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
What's this NOT about?⬢ Extreme hacking
⬢ 0-days
⬢ Highly technical stuff
⬢ New exploitation techniques
3Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
What's this about?⬢ Accesing to:
⬡ ATMs (a few)
⬢ Not “How” but “What it means”
⬡ Whatever-selling machines
⬢ Obtaining access to any computer (regardless the external case)
⬡ Kiosks
4Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
“Rules”
⬢ No tools (or less as possible)
⬢ Leave everything as found
⬢ Obtain cmd || “bypass” legitimate use restrictions
5Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
How-to⬢ Inputs:
⬢ Techniques:
⬡ Keyboard
⬡ Touch screen
⬡ Race condition
- Knock, knock.+ Race condition.- Who's there?
– A bad joke about “race condition”
⬡ Crash⬡ “Touchy touchy”⬡ URIs
6Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
Screens (1)⬢ Location:
⬢ Type of device:
⬢ Technique: