An introspection-based memory scraper attack against virtualized point of sale systems

Authors:
Jennia Hizver;Tzi-cker Chiueh
Affiliations:
Department of Computer Science, Stony Brook University, Stony Brook;Department of Computer Science, Stony Brook University, Stony Brook
Venue:
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Year:
2011

Citing 9
Cited 0

Playing "Hide and Seek" with Stored Keys

FC '99 Proceedings of the Third International Conference on Financial Cryptography
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Antfarm: tracking processes in a virtual machine environment

ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction

Proceedings of the 14th ACM conference on Computer and communications security
Forensics examination of volatile system data using virtual introspection

ACM SIGOPS Operating Systems Review
Lares: An Architecture for Secure Active Monitoring Using Virtualization

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Proceedings of the 16th ACM conference on Computer and communications security
Cache attacks and countermeasures: the case of AES

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Searching for processes and threads in Microsoft Windows memory dumps

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Quantified Score

Hi-index	0.00

Visualization

Abstract

Retail industry Point of Sale (POS) computer systems are frequently targeted by hackers for credit/debit card data. Faced with increasing security threats, new security standards requiring encryption for card data storage and transmission were introduced making harvesting card data more difficult. Encryption can be circumvented by extracting unencrypted card data from the volatile memory of POS systems. One scenario investigated in this empirical study is the introspection-based memory scraping attack. Vulnerability of nine commercial POS applications running on a virtual machine was assessed with a novel tool, which exploited the virtual machine state introspection capabilities supported by modern hypervisors to automatically extract card data from the POS virtual machines. The tool efficiently extracted 100% of the credit/debit card data from all POS applications. This is the first detailed description of an introspection-based memory scraping attack on virtualized POS systems.