At the ZeroNights conference, anyone will be welcome to participate in the hunt for vulnerabilities in QIWI payment terminals. Two completely functional terminals will be available during the entire event.
DON’T:
- perform destructive actions which can physically damage the terminal
- attack the bill acceptor sensors (fake banknotes, fishing)
DO:
- use lockpicks for physical access to the terminal equipment
- connect additional equipment to the terminal
We are interested in vulnerabilities which allow escaping into Windows layer or executing fake payments using data retrieved from the terminal. Depending on the criticality of a discovered vulnerability, the reward can amount to 150 thousand rubles and will be paid under the established bug bounty program.