Abstract
Retail industry Point of Sale (POS) computer systems are frequently targeted by hackers for credit/debit card data. Faced with increasing security threats, new security standards requiring encryption for card data storage and transmission were introduced making harvesting card data more difficult. Encryption can be circumvented by extracting unencrypted card data from the volatile memory of POS systems. One scenario investigated in this empirical study is the introspection-based memory scraping attack. Vulnerability of nine commercial POS applications running on a virtual machine was assessed with a novel tool, which exploited the virtual machine state introspection capabilities supported by modern hypervisors to automatically extract card data from the POS virtual machines. The tool efficiently extracted 100% of the credit/debit card data from all POS applications. This is the first detailed description of an introspection-based memory scraping attack on virtualized POS systems.KeywordsVirtual MachinePhysical MemoryCard DataPayment CardWindow MemoryThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Paper version not known (
Free)
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call