7 sins of atm
play

7 sins of ATM protection against logical attacks Timur Yunusov - PowerPoint PPT Presentation

Sep 30, 2023 •191 likes •647 views

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com whoami Positive Technologies (from 2009) Application security researcher (from 2009) Banking systems

  1. Заголовок 7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

  2. Заголовок whoami • Positive Technologies (from 2009) • Application security researcher (from 2009) • Banking systems security senior expert (from 2012) • Big fan of #nullcon • Always in search/research ;)

  3. Заголовок whoami • Positive Technologies (from 2009) • Application security researcher (from 2009) • Banking systems security senior expert (from 2012) • Big fan of #nullcon • Always in search/research ;) 10+ ATMs for the last year

  4. Заголовок ATM security assessment

  5. Заголовок 7 sins • Kiosk bypass techniques • Privilege escalation techniques • Application control software bypass • Network physical layer • Device management • OS / Software vulns / OS • Booting process Kiosk mode bypass • Logical vulnerabilities Network • Network attacks • Hardware attacks Hardware

  6. Заголовок Blackbox Blackbox is dead

  7. Заголовок Blackbox Blackbox is dead

  8. Заголовок Blackbox Have strong crypto btw dispenser and OS? Blackbox is (almost) Yes dead (for researchers) BB is not BB is possible possible

  9. Заголовок Kiosk mode bypass Kiosk mode bypass Windows XP/7

  10. Заголовок Kiosk mode bypass • Safe mode • Hotkeys • Windows Plug&Play • Race condition

  11. Заголовок Safe mode • F8 + Safe mode with command line • DS restore mode • AC/DC fun

  12. Заголовок Hotkeys • Win+R

  13. Заголовок Hotkeys • Win+R • Alt+Tab • Alt+F4 • Alt+Shift+ESC • F1-F12 • Shift x5 (Windows 7 only) • Win+(etc) http://www.techrepublic.com/blog/windows-and-office/the- complete-list-of-windows-logo-keyboard-shortcuts/

  14. Заголовок AlwaysOnTop This ATM is Out Of Service, Sorry for inconvenience

  15. Заголовок AlwaysOnTop This ATM is Out Of Service, Sorry for inconvenience • Disabling mouse icon • AlwaysOnTop

  16. Заголовок P&P

  17. Заголовок P&P

  18. Заголовок P&P video/screenshot

  19. Заголовок End of the story

  20. Заголовок Privilege escalation techniques • How exactly we extract money?

  21. Заголовок Privilege escalation techniques • FS restrictions • Local Security Policy restrictions

  22. Заголовок Privilege escalation techniques • Arbitrary command execute - XFS API • Command execute - priv escalation • Write files/registry - modify sec configs

  23. Заголовок Privilege escalation techniques • Arbitrary command execute - XFS API • Command execute - priv escalation • Write files/registry - modify sec configs • Read files - ***

  24. Заголовок App control software bypass Story so far… • https://evi1cg.me/archives/AppLocker_Bypass_Techniques.html • https://cansecwest.com/slides/2016/CSW2016_Freingruber_Bypassi ng_Application_Whitelisting.pdf

  25. Заголовок Security software bypass • McAfee Solidcore - https://www.ptsecurity.com/ww-en/about/news/131496/ • MS Applocker - http://www.blackhillsinfosec.com/?p=5257 – State of Art! • etc (6 total different products) – stay tuned! • 0days (5 total, in process of fixing): network, local, logical • Misconfiguration • Whitelist Memory Execution: IE, rundll32, powershell, java, etc

  26. Заголовок Security software bypass

  27. Заголовок Network • Processing • Track2 • OS services • Software services (Solidcore, UPDD, etc) • Processing • Track2 VPN TLS MAC + Firewall • Processing

  28. Заголовок Network vulns • VPN disabling • Logical vulns part • TLS disabling • MAC disabling • Files/registry manipulations

  29. Заголовок Network/Hardware layer • 3G industrial modem • Long story short http://blog.ptsecurity.com/2015/12/critical- vulnerabilities-in-3g4g-modems.html • Security measures • VPN channel • Private APN • Result • ATM network infection • Processing access

  30. Заголовок Network/Hardware layer • Access to *:80 • Auth bypass • Physical access • Proper VPN protocols(((

  31. Заголовок Device mgmt How to do all hacking stuff much easier?

  32. Заголовок Device mgmt • Keyboard/mouse • Teensy • Network card • fw bypass • plug&play • USB drive • local access to Exe file content • plug&play • MS13-081

  33. Заголовок Booting process The easiest way is…

  34. Заголовок Booting process • BIOS pwd • Network load • Safe mode • Physical access • OS access • Same passwords story • Bootkit • Software skimming

  35. Заголовок Logical vulns How it happened?

  36. Заголовок Logical vulns • Security tools runs from regedit/autorun • Shift x5 • Win+U • Security race condition • Hash(loooooooong file) • exploit.exe at the same time • Ctrl+C

  37. Заголовок Logical vulns

  38. Заголовок Logical vulns • VPN disabling

  39. Заголовок Logical vulns • FS access is strictly prohibited

  40. Заголовок Logical vulns • FTP is strictly prohibited!

  41. Заголовок Summary Windows 7 SP1 ATM Windows XP SP3 ATM Kiosk bypass Hotkeys/Safe mode KeyboardDisabler bypass App control bypass 0day/Trusted soft Untrusted booting Privilege escalation 0day/MS15-051 Untrusted booting VPN/TLS disabling Misconfiguration/FS Untrusted booting Social Engineering Misconfiguration/FS - Untrusted boot BIOS accessing from OS No password Network attacks MAC/TLS/VPN/App service MAC/TLS/VPN/OS services

  42. Заголовок How all that happens? • Security through obscurity is not an option! • You should know your landscape and your threat model • Use compliance management tools instead of paper • In case of impossibility of fixing vulns, use mitigation measures like SIEM

  43. Заголовок Greetz • Anon guy ;-) • Positive Technologies researchers teams: • ICS/SCADA • Reverse Engineering • Banking security

  44. Заголовок Contacts http://uk.linkedin.com/in/tyunusov tyunusov@ptsecurity.com a66at

  45. Заголовок Thank You! ptsecurity.com

Recommend

Grace Q&A with Ken Legg 1) What does this mean? If you forgive the sins of any, they

Grace Q&A with Ken Legg 1) What does this mean? If you forgive the sins of any, they

Grace Q&A with Ken Legg 1) What does this mean? If you forgive the sins of any, they are forgiven them; if you retain the sins of any, they are retained (John 20:23) 1) Only God can forgive sins 2) All our sins were paid for at

609 views • 24 slides
The Seven (More) DEADLY SINS OF Microservices Daniel Bryant @ danielbryantuk OpencRedo

The Seven (More) DEADLY SINS OF Microservices Daniel Bryant @ danielbryantuk OpencRedo

The Seven (More) DEADLY SINS OF Microservices Daniel Bryant @ danielbryantuk OpencRedo Previously, AT QCON NYC 2015... https://www.infoq.com/presentations/7-sins-microservices 14/06/2016 @danielbryantuk The Seven (more) Deadly Sins of

979 views • 60 slides
The Seven (More) DEADLY SINS OF Microservices @ danielbryantuk @ spectolabs Previously, AT Devoxx

The Seven (More) DEADLY SINS OF Microservices @ danielbryantuk @ spectolabs Previously, AT Devoxx

The Seven (More) DEADLY SINS OF Microservices @ danielbryantuk @ spectolabs Previously, AT Devoxx UK & QCON NYC 2015... https://www.infoq.com/presentations/7-sins-microservices 01/05/2017 @danielbryantuk The Seven (more) Deadly Sins of

939 views • 53 slides
The 7 Deadly Sins of Running a Ministry (and how

The 7 Deadly Sins of Running a Ministry (and how

The 7 Deadly Sins of Running a Ministry (and how not to let your human nature throw your call from God down the toilet) presented

756 views • 57 slides
And when He had said this, He breathed on them, and said to them, Receive the Holy Spirit. If

And when He had said this, He breathed on them, and said to them, Receive the Holy Spirit. If

And when He had said this, He breathed on them, and said to them, Receive the Holy Spirit. If you forgive the sins of any, they are forgiven them; if you retain the sins of any, they are retained. John 20:22-23 The Last Words of Christ

1.87k views • 183 slides
Genesis 3:1-24 Micah 7:19 (NIV) 19 You will again have compassion on us; you will tread our sins

Genesis 3:1-24 Micah 7:19 (NIV) 19 You will again have compassion on us; you will tread our sins

Genesis 3:1-24 Micah 7:19 (NIV) 19 You will again have compassion on us; you will tread our sins underfoot and hurl all our iniquities into the depths of the sea.

479 views • 14 slides
Bar of Soap 1 John 1:9 If we confess our sins, He is He is fa fait ithfu ful l an and

Bar of Soap 1 John 1:9 If we confess our sins, He is He is fa fait ithfu ful l an and

The Christians Bar of Soap 1 John 1:9 If we confess our sins, He is He is fa fait ithfu ful l an and ju just to fo forgiv give e us our sin ins an and to cl clea eanse us e us fr from m al all l unrighteousness.

889 views • 56 slides
States Growing Interest in Sins Despite Shrinking Sin Tax Revenues National Tax

States Growing Interest in Sins Despite Shrinking Sin Tax Revenues National Tax

States Growing Interest in Sins Despite Shrinking Sin Tax Revenues National Tax Association 49th Annual Spring Symposium May 17, 2019 Lucy Dadayan and Richard Auxier Cigarette / tobacco taxation 1864 Federal government enacted

346 views • 20 slides
The 7 Deadly Sins of DevOps Presented by: Larry

The 7 Deadly Sins of DevOps Presented by: Larry

AT5 DevOps Practices Thursday, November 7th, 2019 10:00 AM The 7 Deadly Sins of DevOps Presented by: Larry Maccherone

463 views • 3 slides
1 2 Through the symbolism of the two goats and the actions of the High Priest we understand

1 2 Through the symbolism of the two goats and the actions of the High Priest we understand

1 2 Through the symbolism of the two goats and the actions of the High Priest we understand the meaning of this very important holyday REMO REMOVAL AL AND AND FO FORGIVENESS GIVENESS OF OF OUR SINS OUR SINS BY BY THE THE PO POWER

861 views • 69 slides
If your ur br brother ther sins ns ag agains ainst you, ou, go o and and tell hi him

If your ur br brother ther sins ns ag agains ainst you, ou, go o and and tell hi him

Ma Mathe hew w 18:1 :15-20 (ESV) V) If your ur br brother ther sins ns ag agains ainst you, ou, go o and and tell hi him his his fault, ult, between een you u and and hi him al alone one. If f he he listens ens to

1.03k views • 15 slides
The Tale of Two Sins: Regulation of Gambling and Tobacco Richard A. McGowan,S.J. Boston

The Tale of Two Sins: Regulation of Gambling and Tobacco Richard A. McGowan,S.J. Boston

The Tale of Two Sins: Regulation of Gambling and Tobacco Richard A. McGowan,S.J. Boston College 1964 Tobacco: 40% of the Adult Population Smoke cigarettes. Smoking was permitted in all public places; 15% of TV network advertising

305 views • 13 slides
We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel

510 views • 39 slides
CAN THE GOLD INDUSTRY AVOID THE SINS OF THE PAST? NICK HOLLAND CEO GOLD FIELDS To come to

CAN THE GOLD INDUSTRY AVOID THE SINS OF THE PAST? NICK HOLLAND CEO GOLD FIELDS To come to

AUSTRALIAN INTERNATIONAL MINE MANAGEMENT CONFERENCE 22 AUGUST 2016 CAN THE GOLD INDUSTRY AVOID THE SINS OF THE PAST? NICK HOLLAND CEO GOLD FIELDS To come to our conclusions, we have analysed MESSAGE OF THE PRESENTATION financial and

580 views • 37 slides
Seven (+-2) Sins of Concurrency Chen Shapira In which I will show classical concurrency problems

Seven (+-2) Sins of Concurrency Chen Shapira In which I will show classical concurrency problems

Seven (+-2) Sins of Concurrency Chen Shapira In which I will show classical concurrency problems and some techniques of detecting and avoiding them I have a B.Sc. in CS and Statistics, OCP, 10 years of production IT experience and Im an

946 views • 46 slides
I am writing to you, dear children, because your sins have been forgiven on account of His

I am writing to you, dear children, because your sins have been forgiven on account of His

I am writing to you, dear children, because your sins have been forgiven on account of His name. I am writing to you, fathers, because you know Him who is from the beginning. I am writing to you, young men, because you have overcome the evil

749 views • 35 slides
SINS OF OMISSION George Akerlof INET Edinburgh: October 22, 2017 MISCONCEPTION Misconception

SINS OF OMISSION George Akerlof INET Edinburgh: October 22, 2017 MISCONCEPTION Misconception

SINS OF OMISSION George Akerlof INET Edinburgh: October 22, 2017 MISCONCEPTION Misconception of the field. Scientific Method: Simple models Statistical analysis. MULTI-TASKING PROBLEM Such exclusionary definition: Dangerous

333 views • 14 slides
We know what you did this summer: Android Banking Trojan exposing its sins in the cloud

We know what you did this summer: Android Banking Trojan exposing its sins in the cloud

We know what you did this summer: Android Banking Trojan exposing its sins in the cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel Security)

626 views • 34 slides
Planned Refresh of TDR Pilot 1 Schedules / SINS September 12, 2017 Disclaimer "The

Planned Refresh of TDR Pilot 1 Schedules / SINS September 12, 2017 Disclaimer "The

U.S. General Services Administration Planned Refresh of TDR Pilot 1 Schedules / SINS September 12, 2017 Disclaimer "The purpose of this webinar is to allow GSA FAS to verbally present the DRAFT planned solicitation refresh and related

661 views • 14 slides
ST. PAUL'S UNITED CHURCH OF CHRIST teacher and loves everyone. He died for our sins and arose

ST. PAUL'S UNITED CHURCH OF CHRIST teacher and loves everyone. He died for our sins and arose

We believe Jesus is the son of God. Jesus performed many miracles, healed the sick, was a great ST. PAUL'S UNITED CHURCH OF CHRIST teacher and loves everyone. He died for our sins and arose from the dead. He will come again. "We Shine For

490 views • 3 slides
SEVEN SINS BUILT/REFIT 2005 / 2015 -- BUILDER Heesen -- NAVAL ARCHITECT HEESEN --

SEVEN SINS BUILT/REFIT 2005 / 2015 -- BUILDER Heesen -- NAVAL ARCHITECT HEESEN --

SEVEN SINS BUILT/REFIT 2005 / 2015 -- BUILDER Heesen -- NAVAL ARCHITECT HEESEN -- INTERIOR DESIGNER HEESEN YACHTS DESIGN TEAM -- LENGTH (LOA) 43.80 m / 143.70 ft -- BEAM 8.30 m / 27.23 ft -- MAX DRAFT 3.00 m / 9.84 ft -- GROSS

996 views • 42 slides
The Seven GDPR Sins of Personal-Data Processing Systems Supreeth Shastri , Melissa Wasserman,

The Seven GDPR Sins of Personal-Data Processing Systems Supreeth Shastri , Melissa Wasserman,

The Seven GDPR Sins of Personal-Data Processing Systems Supreeth Shastri , Melissa Wasserman, Vijay Chidambaram General Data Protection Regulation (GDPR) May 25, 2018 Fundamental right Adopted after 2 years of public debate. Grants all European

528 views • 14 slides
HUM110 Islamic Studies Lecture 2 9 Islamic Studies Lesson 8: EFFECTS OF SINS Invisible Visible

HUM110 Islamic Studies Lecture 2 9 Islamic Studies Lesson 8: EFFECTS OF SINS Invisible Visible

HUM110 Islamic Studies Lecture 2 9 Islamic Studies Lesson 8: EFFECTS OF SINS Invisible Visible Instantaneous Delayed Gravity Touching Fire Walking on Water Telling Lies Eating Haraam In a Relationship

492 views • 13 slides
Continuous Inspection Fight back the 7 deadly sins of the developer ! Olivier Gaudin

Continuous Inspection Fight back the 7 deadly sins of the developer ! Olivier Gaudin

JUG Switzerland Continuous Inspection Fight back the 7 deadly sins of the developer ! Olivier Gaudin olivier.gaudin@sonarsource.com @gaudol Back in old times The genius The super hero Au fin fond de l'Univers, des annes et des

700 views • 46 slides

More recommend