McTerminals Give The Hamburglar A Chance

The golden arches of a McDonald’s restaurant are a ubiquitous feature of life in so many parts of the world, and while their food might not be to all tastes their comforting familiarity draws in many a weary traveler. There was a time when buying a burger meant a conversation with a spotty teen behind the till, but now the transaction is more likely to take place at a terminal with a large touch screen. These terminals have caught the attention of [Geoff Huntley], who has written about their surprising level of vulnerability.

When you’re ordering your Big Mac and fries, you’re in reality standing in front of a Windows PC, and repeated observation of start-up reveals that the ordering application runs under an administrator account. The machine has a card reader and a receipt printer, and it’s because of this printer that the vulnerability starts. In a high-traffic restaurant the paper rolls often run out, and the overworked staff often leave the cabinets unlocked to make them easier to change. Thus an attacker need only reach the machine and reset it to be standing in front of a touch screen with administrator access during boot, and from that point they can do anything. Given that these machines handle thousands of card transactions daily, the prospect of a skimming attack becomes very real.

The fault here lies with whoever designed these machines for McDonald’s: instead of putting appropriate security on the software, the whole show relies on the security of the lock. We hope that they don’t come down on the kids changing the paper, and instead get their software fixed. Meanwhile, this isn’t the first time we’ve peered into some McHardware.

36C3: Open Source Is Insufficient To Solve Trust Problems In Hardware

With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to be. Thanks to hashing and public key signatures at various points in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being able to spot it easily, even if it travels through untrustworthy channels.

Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.

In his talk this year at 36C3, [bunnie] gave a detailed look at several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he focuses on highly ambitious and hard-to-detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t merely theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.

How The Sony PlayStation Was Hacked

Playgrounds were the comment sections of their day. Every weekday from exactly 1:17 PM until 1:43 PM there were swings to be swung, rumors to be spread, and debates to be settled by whoever was the loudest (some things never change). Allegiances were formed and battle lines were drawn based solely on which video game console you supported. It was this playground system that perpetuated the urban myths of the time.

For PlayStation fans there was the myth that you could save Aerith from her fate in Final Fantasy VII if you just cast the right spell, or the secret code in Tomb Raider that would let you see all of Lara Croft. There was the myth that no one could possibly copy a PlayStation game because the bottoms of all the discs were black. Even the very existence of the first PlayStation, the Super Nintendo PlayStation prototype, was an urban legend. The difference was that the last one turned out to be true.

Let’s jump in and take a look at the cat and mouse game between modchip makers looking to defeat the original PlayStation’s copy protection, and Sony’s efforts to protect their castle.

CO2 Laser Decapping To Fix Soldering Mistake

[Carsten] messed up. He was soldering an ARM CPU onto a quadcopter board in haste, failed to notice that the soldering iron was turned up to eleven, and pulled some of the traces up off the PCB. In the process of trying to fix that, he broke three pins off of the 100-pin CPU. The situation was going from bad to worse.

Instead of admitting defeat, or maybe reflowing the CPU off of the board, [Carsten] lasered the epoxy case off of the chip down to the lead frame and worked a little magic with some magnet wire. A sweet piece of work, to be sure!