Problems with payment terminal communication protocol “ZVT” in Germany, allowing
• to read payment cards from the LAN
• to read PIN codes remotely
▻https://srlabs.de/pos-vulns (Security Research Lab)
Fraudsters can, among other things, refund money, or print SIM card top-up vouchers – all at the cost of the victim merchant.
Details of this will appear at the Chaos Communication Congress
▻https://events.ccc.de/congress/2015/Fahrplan/events/7368.html
Full agenda: ▻https://events.ccc.de/congress/2015/Fahrplan/events.html