Hacker News new | ask | show | jobs
by timewizard 378 days ago
> Sure there is: only signed binaries can run, executable filesystem is read-only, data filesystem has noexec bit set, root login is disabled, crippled busybox misses a lot of functionality, keys are loaded from a secure area on bootup, master key injection only available when loading at the factory, bootup itself is more or less secure, tamper detection blanks the chip, etc.

Sounds good. Has anyone been hired to attempt to attack the device and find vulnerabilities?
1 comments
lelanthran 378 days ago
> Sounds good. Has anyone been hired to attempt to attack the device and find vulnerabilities?

In the company I work with, yup. I'm not sure about the rest of the industry, but the security in place ensures that even the developers of the EMV applications are treated as hostile actors.

The certification process itself does do a little bit of malicious attempts too (try to get the terminal to do something out of spec, like during pin-entry, etc).

link
dijit 378 days ago
How does the binary signing work?

I’m not looking to hack anything, but it sounds cool to have signed binaries only on linux!!

link
lelanthran 377 days ago
Varies from vendor to vendor; signed-binaries-only is part of the certification process but the exact mechanism itself is not (or maybe that has changed, not sure).

The way it worked in 2003 (when I first wrote EMV applications) was, when we have a binary that we are ready to deploy, we ship that binary to the manufacturer (Schlumbeger(sp?), at that time), if it passes cert-testing, they sign it and ship it back and that's what we would program the terminals with.

The way it works now is pretty much the same - we build an APK bundle, send it to the manufacturer (Verifone, Pax, etc) and after signing they make it available on their appstore which their terminal can access.

link
_djo_ 378 days ago
Varies from manufacturer to manufacturer. This is Ingenico's approach, for instance: https://ingenico.com/en/products-services/services/security-...
link
shakna 378 days ago
Whilst I'm sure they use something else, Linux does have an experimental extension, "Integrity Measurement Architecture" extension that allows you to sign and verify RSA keys against every binary.
link
zoobab 377 days ago
ah good to know, I wanted that feature back in 2018 :-)
link