






passwords for configuring the machine; or to record and retrieve customers’ card information and PIN-
pad input; or simply to dispense an attacker-specified quantity of bills from the cash cartridges stored in
the ATM’s vault.

Jack developed the attacks using ATMs he purchased on the Internet and had delivered to his house.
Regarding his purchases, he observed, “They’re pretty easy to get ahold of; you know, you jump online,
and like anything on the Internet, you just ‘add to cart.’”

The second attack Jack demonstrated is a “walk-up attack.” This is where the attacker walks up to an
ATM, uses a key to unlock the front cover that shields the internal electronics, inserts a removable media
device (a USB flash drive, secure digital card or compact flash card) into the internal media slot, and then
closes and re-locks the front cover. These steps, which took Jack seven seconds to demonstrate live on
stage, mimic a legitimate method whereby an owner uses a removable device to update a device’s firmware.
On stage, the ATM loaded the new firmware and rebooted into the illegitimate code in less than two
minutes.

The walk-up attack requires that the attacker possess a key to unlock the ATM and correctly formatted
replacement firmware to install. The researcher reports that ATM keys are simple to obtain on the
Internet and are “one key fits all,” as shipped by the device manufacturers (in other words, key
customization is rare). The money itself is kept in a vault protected by a combination lock and is
therefore not directly accessible using the key.

Key Takeaways

While building protections for your M2M system, it helps to think like an attacker! Early and often,
consider an adversary’s potential goals for attacking your system, including:

• What can I learn or modify about my M2M device and its programming?
• What can I learn or modify about my M2M service infrastructure?
• What can I glean from intercepting or monitoring my M2M communications?
• How can I deny, degrade or disrupt my M2M service?



Attackers can be wily as a coyote in their techniques for attacking your M2M devices. M2M security
researchers have published attacks that use a programming or debugging interface to read or reprogram
a device. They have extracted information from a device by examining buses or individual components.
And they have replaced or bypassed hardware or software pieces on a device in order to circumvent
security policy. Consider all these vectors in your security analysis of your M2M deployment.











96 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide