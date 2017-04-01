I think the lack of physical security is more surprising than the lack of electronic security. A three-inch hole is pretty big, all things considered. I have to imagine that ATMs are designed to resist drilling three inch holes through to the money or the dispenser mechanism. Why isn't the computer protected to similar degree?
reply
Most communication happens either at serial, SPI, or i2c busses. If it's cars, CAN.
And if you can plug in a wire somewhere, you can damage or pwn it. Most things don't have security, other than software security and physical locks. And even when there is other types of security, like cryptokeys and such, physical wires can usually bypass even those.
If they wanted something that was secure, they could do that glass mesh thing the ORWL does, and have some sort of black dyepack on the money that explodes everywhere. Go for "we ruin so you cant have". But then again, I could see criminals pissed off and taking a hammer primarily to ruin their money, and cause customer consternation.
Disrupt the meshes in any way (EG drilling) would result in three actions.
1) Electronic erase MOST programmable memory in the machine. (Brick it)
2) Engage something akin to an EMO (Emergency Machine Off)
3) If an uplink of some sort exists, broadcast repeatedly on it that such an event occurred and the current uptime.
I have a tendency to pull on things like ATM covers, credit card slots, and the like. And that's because we have lots of skimmers that are found at local gas stations and places around here (big college presence).
So far, I've found an opened gasoline pump door. I called attendant and went to a different pump (attendands didnt have keys for that....) .
Ive also found an ATM that was partially locked and came opened when I gave it a tug. I called our bank's security after that one.
I also found a skimmer on a gas pump as well. It had a fishy look to it and gave it a tug. Pop. Was just a simple card reader and cam module in 1. I harvested the parts and put the microsd card through a good format.
I think the lack of physical security is more surprising than the lack of electronic security. A three-inch hole is pretty big, all things considered. I have to imagine that ATMs are designed to resist drilling three inch holes through to the money or the dispenser mechanism. Why isn't the computer protected to similar degree?
reply