Infiltrate Security Conference OPEN CFP

TALK PROFILE

Getting bank transaction history and bank balance of anyone

Penetration Testing
45

Recently the Indian government launched a mega scheme, 'Jan Dhan Yojana'. On the inaugural day, 15 million bank accounts were opened across the country. To cope with such an increasing number of customers, Indian banks have come up with a self-service passbook printing machine which allows people to print their bank transaction details in their passbook using a single source of truth - a barcode sticker. This talk covers how I found a security vulnerability involving a flaw in the barcode encryption used by these newly installed printing machines, which allows an attacker to see the bank balance of any customer along with their entire transaction history. More than 30,000 banks are affected by the flaw. It becomes a critical vulnerability as it cannot be patched just by a software update.

Rated 3 - 53 reviewers

Comments

arnab

Nice work, keep it up.

ranok

Who'd have thought there'd be security vulns in terribly designed SW?! *YAWN*

spongepat

"allows people to print their bank transaction details in their passbook using a single source of truth - a barcode sticker." What could possibly go wrong? This talk does not deserve to be accepted as the initial conditions are way too dumb.

citizenx

I don't think this is a generic subject to do a talk on.

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. The call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: