by ilikeATMs
3069 days ago
The problem with hardware lockdown is that at the end of the day Xboxes and PlayStations are only interacting with a screen to display media. ATMs on the other hand are designed to interact with physical hardware that sucks money up and spits it out. Locking down the operating system is easy, but if the hardware is controlled by serial interfaces then you've got a weak point there unless the serial interfaces are encrypted (spoiler, they are not!). To encrypt them you'd need to put something at the OS side and something at the hardware (pneumatics/motors) side and ensure they aren't accessible (i.e., located inside the safe part of the ATM). It's not impossible to do, but I somehow doubt they'll do it anyway.

No, it's not. Look at pretty much every console ever made except for the xbox 360/one.
> unless the serial interfaces are encrypted (spoiler, they are not!)
Yeah, and that's obviously a problem. Nitpick though, the interface doesn't need to be encrypted, messages just need to be authenticated. Confidentiality of these messages isn't really important since you'll see the cash coming out, and you actually probably need some kind of challenge/response protocol to avoid replay attacks.
But you want them authenticated by a key that is very difficult to get out of the thing controlling the cash dispenser/serial/whatever. Which is why I said put a gaming console in there: millions of dollars have already been spent, and are still being spent, making sure nobody is getting secret keys out of them, even with full access to the hardware.
> To encrypt them you'd need to put something at the OS side and something at the hardware (pneumatics/motors) side and ensure they aren't accessible (i.e., located inside the safe part of the ATM). It's not impossible to do, but I somehow doubt they'll do it anyway.
Well no, that's the point. You only need to make sure the pneumatics/motors only take authenticated commands, and that nobody can mess with those. For the OS side you piggyback off console security.
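
The authenticated challenge/response idea discussed in this thread, as an added sketch that is not part of either comment and not any real ATM protocol. The class names, the command strings and the choice of HMAC-SHA256 over a shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # fixed length, so nonce || command has one unambiguous parse


def make_tag(key: bytes, nonce: bytes, command: bytes) -> bytes:
    """Host side: authenticate a command against the dispenser's challenge."""
    return hmac.new(key, nonce + command, hashlib.sha256).digest()


class Dispenser:
    """Device side (assumed to sit inside the safe): acts only on
    commands carrying a valid tag over its own fresh challenge."""

    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None  # outstanding challenge, valid for one command

    def challenge(self) -> bytes:
        self._nonce = os.urandom(NONCE_LEN)
        return self._nonce

    def execute(self, command: bytes, tag: bytes) -> bool:
        # Consume the challenge whatever the outcome: one nonce, one attempt.
        nonce, self._nonce = self._nonce, None
        if nonce is None:
            return False  # no challenge outstanding, e.g. a bare replay
        expected = hmac.new(self._key, nonce + command, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def run_scenarios() -> dict:
    key = os.urandom(32)          # constructed sample key
    dev = Dispenser(key)
    cmd = b"DISPENSE 2x20"        # constructed sample command
    out = {}
    tag = make_tag(key, dev.challenge(), cmd)
    out["fresh"] = dev.execute(cmd, tag)
    out["replay_without_challenge"] = dev.execute(cmd, tag)
    dev.challenge()               # recorded frame sent against a new nonce
    out["replay_against_new_challenge"] = dev.execute(cmd, tag)
    tag2 = make_tag(key, dev.challenge(), cmd)
    out["modified_command"] = dev.execute(b"DISPENSE 40x20", tag2)
    dev.challenge()               # sender on the serial line without the key
    out["no_key"] = dev.execute(cmd, b"\x00" * 32)
    return out


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Nothing on the wire is encrypted here: the command is readable, but only the fresh, untampered frame from a key holder is accepted.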