Recently Indian government launched a mega scheme 'Jan Dhan Yojana'. On the inaugural day 15 Millions of bank accounts were opened across the country. To cope up with such an increasing customers, Indian banks have come up with a self service passbook printing machine which allows people to print their bank transaction details in their passbook using a single source of truth - a barcode sticker. This talk covers how I have found a security vulnerability involving flaw in barcode encryption used by these newly installed printing machine which allows an attacker to see bank balance of any customer with their entire transaction history. More than 30,000 banks are affected by the flaw. It becomes a critical vulnerability as it cannot be patched just by a software update.Back to Open CFP
nice work, keep it up.
Who'd have thought there'd be security vulns in terribly designed SW?! *YAWN*
"allows people to print their bank transaction details in their passbook using a single source of truth - a barcode sticker." what could possibly go wrong ? This talk does not deserve to be accepted as the initial conditions are way too dumb
I dont think is a generic subject to do a talk on.
We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to firstname.lastname@example.org. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: