My first job was being a field technician for a bank automation supplier.
We had a "test" card that could be inserted in the EPROM socket. This small card was almost the same size as the original chip but had a few buttons that allowed us to make the mechanism deliver notes in order to fine-tune it.
In a particular ATM design used by major banks in Brazil, this location was accessible by removing a front panel, although you would have to be kind of a contortionist in order to plug it in.
Why we can find whole ATMs at junkyards is beyond me: there are many easy to spot flaws. They should grind everything when decommissioning this kind of equipment.
> Why we can find whole ATMs at junkyards is beyond me: there are many easy to spot flaws.
If there are many easy to spot flaws, I don't think finding them in a junkyard is the root of the problem here. This is good old security by obscurity.
As Bruce Schneier says (at least about safes), you should be able to publish the blueprints and source code for the machines, then maybe they'll be secure. There should be enough physical security to ensure an attack will take longer to perform than the response time of the authorities. Any components which are vulnerable to physical attack need the same level of physical protection as the cash that's being protected.
Until this happens, 'hackers' (thieves) are going to keep finding flaws and exploiting them.
It's a false dichotomy. Your private keys are just "obscure" information that requires some effort to find too. And security protocols can be designed so the keys aren't enough.
At the end of the day it's an arms race, and you're just trying to slow attackers down.
Well, they're provably secure for some (mind-bogglingly massive) search space.
Security by obscurity tends to refer to measures which can be broken once, and thereafter opened trivially. It sounds like the article is about one of these trivial openings.
Everything can be broken; the goal is to move it or arrest them before they can get in, physically or virtually. It just so happens that, virtually, the time required to brute force it can, at times, be on heat-death-of-the-universe scales. Safes tend to rely on men with guns following soon after alarms trigger.
Physically obtaining them through malware, viruses, bugs, backdoors, social engineering, coercion (physical threats, blackmail, application of force), tapping, physical spying, etc.
What part of the parent are you responding to here?
> Your private keys are just "obscure" information that requires some effort to find too.
I think this is highly misleading. There is nothing "just" or "some" about it. Your private keys are "obscured" information that requires a (mostly) specific and quantifiably very large amount of effort to find, and which if it were to become exposed, can be changed without requiring any new design to restore security.
Blueprints and wiring diagrams are "barely if at all obscured" information that requires vague, hard-to-quantify, and often trivially little amount of effort to find, and if exposed, can't be easily changed without requiring entirely new designs, manufacturing, and engineering.
Well, that's why I said "mostly". The thing I need to protect, the key, is a very specific piece of data, which is used for one specific purpose, and I can take specific measures to prevent that secret from leaking. Everything from not writing it down, to key-sharing, to physical lock boxes with multiple locks, to offline-only storage, etc. It's much harder to do any of that with blueprints, since blueprints have competing needs -- they are no good if locked in a box most of the time.
I think you're misusing the word "obscure" here. Private keys are not obscure, they're private. You can steal them but you can hardly reverse-engineer them. Finding how a specific model of ATM works is an obscure piece of information but it's not private: people who sell, buy, repair, maintain, design this ATM have this piece of information. Given enough will and effort one can reverse engineer this information from the ATM itself.
I beg to differ, security by obscurity only gives a false sense of security and hats have all kinds of colors.
Serge Humpich[1] worked with decommissioned ATMs, found and exposed a vulnerability allowing cash to be withdrawn with a card not linked to a bank account. Of course, instead of listening and fixing the issue, the banks tricked him and sued and gave rise to the yescard, which forced the banks to patch up their security and replace ATMs. But hey, banks can't make the right choice all the time, can they?