Jovan Zivanovic
Reverse Vending Machine (RVM) Security: Real World Exploits / Vulnerabilities
#1about 3 minutes
The financial incentive for hacking reverse vending machines
Reverse vending machines present a security risk because they exchange returned bottles for money, creating an opportunity for financial exploits.
#2about 4 minutes
Understanding the bottle detection and refund process
RVMs use a combination of sensors like barcode scanners, weight sensors, shape detectors, and material analysis to validate and process returned bottles.
#3about 4 minutes
Categorizing common reverse vending machine attack vectors
Attacks on RVMs fall into three main categories: insider manipulation, tricking the bottle acceptance system, and misclassifying bottles for higher payouts.
#4about 4 minutes
Analyzing supermarket receipts to find security flaws
By collecting and comparing receipts from different supermarket chains, researchers identified patterns in barcode generation to find potential vulnerabilities.
#5about 4 minutes
Discovering a predictable and static barcode vulnerability
One supermarket chain used a static EAN-13 barcode on receipts where the refund amount was directly encoded, making it easy to forge.
#6about 2 minutes
Forging a valid receipt with a script and printer
A simple script and a thermal printer can generate a forged receipt with a custom refund amount that is accepted by the store's checkout system.
#7about 2 minutes
The vendor response to the disclosed vulnerability
The RVM manufacturer confirmed the vulnerability and stated that the secure, cloud-validated solution is an optional feature that customers must pay extra for.
#8about 3 minutes
Finding similar and new exploits in Finland's RVMs
An investigation in Finland revealed the same receipt forgery vulnerability, plus a new attack involving swapping barcode stickers on bottles to claim a higher refund.
#9about 2 minutes
Mitigating receipt fraud with a cloud validation system
The most effective way to prevent receipt forgery is to use a centralized data store that generates a unique ID for each receipt and invalidates it after one use.
#10about 9 minutes
Q&A on blockchain, pentesting, and ethical implications
The speaker discusses using blockchain for validation, the importance of early security involvement and pentesting, and the ethics of exploiting recycling systems.
Related jobs
Jobs that call for the skills explored in this talk.
IGEL Technology GmbH
Bremen, Germany
Senior
Java
IT Security
VECTOR Informatik
Stuttgart, Germany
Senior
Java
IT Security
Dirk Rossmann GmbH
Burgwedel, Germany
Intermediate
IT Security
Matching moments
03:04 MIN
Examining IDOR vulnerabilities in major companies
How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
14:52 MIN
A practical demonstration of exploiting IDOR vulnerabilities
How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
03:27 MIN
Common security failures beyond individual coding errors
Maturity assessment for technicians or how I learned to love OWASP SAMM
02:00 MIN
Addressing unique security risks in RAG systems
Beyond the Hype: Building Trustworthy and Reliable LLM Applications with Guardrails
05:31 MIN
From vulnerability researcher to automated security founder
The transformative impact of GenAI for software development and its implications for cybersecurity
05:38 MIN
Why attackers use prompt injection techniques
Manipulating The Machine: Prompt Injections And Counter Measures
07:44 MIN
Understanding the recent surge in software vulnerabilities
WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking
05:05 MIN
Understanding common intruder attack vectors
Securing Your Web Application Pipeline From Intruders
Featured Partners
Related Videos
37:32Cyber Security: Small, and Large!
Martin Schmiedecker
43:56Getting under the skin: The Social Engineering techniques
Mauro Verderosa
40:38How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR
Anna Bacher
2:08:06The attacker's footprint
Antonio de Mello & Amine Abed
45:19Security Challenges of Breaking A Monolith
Reinhard Kugler
57:47Cracking the Code: Decoding Anti-Bot Systems!
Fabien Vauchelles
58:59Automotive Security Challenges: A Supplier's View
Davor Frkat
29:47You click, you lose: a practical look at VSCode's security
Thomas Chauchefoin & Paul Gerste
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Vesterling Consulting GmbH
Frankfurt am Main, Germany
Remote
Network Security
Microsoft Office
Vesterling Consulting GmbH
Frankfurt am Main, Germany
Remote
Network Security
Microsoft Office
SVA System Vertrieb Alexander GmbH
Bensheim, Germany
NMap
Linux
Routing
Burp Suite
Kali Linux
+2
SVA System Vertrieb Alexander GmbH
Langenhagen, Germany
NMap
Linux
Routing
Burp Suite
Kali Linux
+2
REWE Group
Wiener Neudorf, Austria
Remote
€70K
Intermediate
Perl
Python
Powershell
Eu Recruit
Amsterdam, Netherlands
VHDL
Python
Matlab
Scripting (Bash/Python/Go/Ruby)
Prognum Automotive GmbH
Ulm, Germany
Remote
C++