Abstract
Retail industry Point of Sale (POS) computer systems are frequently targeted by hackers for credit/debit card data. Faced with increasing security threats, new security standards requiring encryption for card data storage and transmission were introduced making harvesting card data more difficult. Encryption can be circumvented by extracting unencrypted card data from the volatile memory of POS systems. One scenario investigated in this empirical study is the introspection-based memory scraping attack. Vulnerability of nine commercial POS applications running on a virtual machine was assessed with a novel tool, which exploited the virtual machine state introspection capabilities supported by modern hypervisors to automatically extract card data from the POS virtual machines. The tool efficiently extracted 100% of the credit/debit card data from all POS applications. This is the first detailed description of an introspection-based memory scraping attack on virtualized POS systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Chronology of Data Breaches, http://www.privacyrights.org/ar/ChronDataBreaches.htm
PCI Security Standards Council, https://www.pcisecuritystandards.org/
Evolution of Malware: Targeting Credit Card Data in Memory, https://www.trustwave.com/downloads/whitepapers/Trustwave_WP_Evolution_of_Malware_.pdf
Data Breach Investigations Supplemental Report (2009), http://www.verizonbusiness.com/resources/security/reports/rp_2009-data-breach-investigations-supplemental-report_en_xg.pdf
Data Breach Investigation Report (2010), http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
Restaurant Chain Upgrades Systems and Cuts 2,000 Servers Using Virtual Machines, http://download.microsoft.com/documents/customerevidence/7146_jack__in_the_box_cs.doc
Bringing virtualization and thin computing technology to POS, http://www.pippard.com/pdf/virtualized_pos_whitepaper.pdf
MICROS Systems, Inc. Announces Deployment of MICROS 9700 HMS at M Resort Spa Casino in Las Vegas, http://www.micros.com/NR/rdonlyres/3E357BE8-70DB-468D-B9AB-68F0E784527F/2296/MResort.pdf
Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 10th Annual Symposium on Network and Distributed System Security, pp. 191–206 (2003)
Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: an architecture for secure active monitoring using virtualization. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 233–247 (2008)
Jiang, X., Wang, A., Xu, D.: Stealthy Malware Detection Through VMM-Based ”‘Out-of-the-Box’” Semantic View Reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 128–138 (2007)
What is Xen?, http://www.xen.org/
Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends, http://usa.visa.com/download/merchants/bulletin_critical_vulnerabilities_041509.pdf
Top Five Data Security Vulnerabilities Identified to Promote Merchant Awareness, http://usa.visa.com/download/merchants/Cisp_alert_082906_Top5Vulnerabilities.pdf
Common Vulnerabilities and Exposures: CVE-2007-4993, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4993
Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: tracking processes in a virtual machine environment. In: Proceedings of the 2006 USENIX Annual Technical Conference (2006)
Russinovich M.E., Solomon, D.A.: Microsoft Windows Internals. Microsoft Press (2005)
XenAccess Documentation, http://doc.xenaccess.org/
Luhn, H. P.: Computer For Verifying Numbers. In: Office, U. S. P., USA (1954)
Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., Van Doorn, L.: Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. In: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 276–285 (2005)
Nance, K., Bishop, M., Hay, B.: Investigating the Implications of Virtual Machine Introspection for Digital Forensics. In: 2009 International Conference on Availability, Reliability and Security (2009)
Shamir, A., van Someren, N.: Playing Hide and Seek with Stored Keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 118–124. Springer, Heidelberg (1999)
Petterson, T.: Cryptographic key recovery from Linux memory dumps. In: Chaos Communication Camp (2007)
Halderman, J., Schoen, S., Heningen, N., Clarkson, W., Paul, W., Calandrino, J., Feldman, A., Appelbaum, J., Felten, E.: Lest we remember: cold boot attacks on encryption keys (2008)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In: Conference on Computer and Communications Security, pp. 199–212 (2009)
Percival, C.: Cache missing for fun and profit. BSDCan, Ottawa (2005)
Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: the Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
Payne, B., Carbone, M., Lee, W.: Secure and Flexible Monitoring of Virtual Machines. In: Proceedings of the Annual Computer Security Applications Conference (2007)
Hay, B., Nance, K.: Forensics examination of volatile system data using virtual introspection. SIGOPS Operating Systems Review 42(3), 75–83 (2008)
Schuster, A.: Searching for processes and threads in Microsoft Windows memory dumps. In: Proceedings of the 6th Annual Digital Forensic Research Workshop, pp. 10–16 (2006)
Memparser analysis tool, http://www.dfrws.org/2005/challenge/memparser.shtml
An Introduction to Windows memory forensic, http://forensic.seccure.net/pdf/introduction_to_windows_memory_forensic.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hizver, J., Chiueh, Tc. (2012). An Introspection-Based Memory Scraper Attack against Virtualized Point of Sale Systems. In: Danezis, G., Dietrich, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29889-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-29889-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29888-2
Online ISBN: 978-3-642-29889-9
eBook Packages: Computer ScienceComputer Science (R0)