logo
allArticlesConferencesPresentations

Black Box is Dead. Long Live Black Box!

Conference:  BlackHat USA 2018

2018-08-09

Summary

The presentation discusses the vulnerabilities of ATM machines and the different types of physical and logical attacks that can be used to exploit them. It also explores the different interfaces used to connect dispensers to PCs and the potential security risks associated with them.
  • ATM machines are vulnerable to physical and logical attacks
  • Physical attacks include brute force attacks and resonant attacks
  • Logical attacks include malware attacks and black box attacks
  • Different interfaces are used to connect dispensers to PCs, including RS-232, SDC bus, and USB
  • USB is the most common and complex interface, with a lot of abstractions and the need for a hardware sniffer to see data at a low level
The presentation mentions a specific example of a black box attack, which involves using extra hardware devices connected to the hardware bus. The device is called a black box and can be used to withdraw cash from the ATM. This type of attack requires low-level protocols and knowledge of the ATM's power, and does not depend on processing center operation systems or other software.

Abstract

The number of logic attacks on ATMs continues to rise. Some of them involve a "black box," a device that is physically connected to the cash dispenser and sends commands to push out cash. Within five years of the first known black box attacks (starting from 2012), almost all new ATMs started encrypting commands to the dispenser as a precautionary measure. The research community attempted to investigate security of the implemented encryption and even obtained positive results (such results were described by Positive Technologies researchers). Criminals concentrated their efforts on easier targets, since unprotected ATMs remained plentiful. However, this situation changed rapidly in the fall of 2017 when criminals began to employ attacks on the "secure" dispenser interface. The current state of security is discouraging: we analyzed four commercially available dispensers from major vendors and successfully withdrew cash from all of them. So despite all the efforts, ATM security is still little better than in 2012.
Materials:
Slides
Tags:

Post a comment

Related work

Applied Ca$h Eviction through ATM Exploitation

Conference:  Defcon 28
Authors:
2020-08-01

The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust

Conference:  Black Hat Asia 2023
Authors: Alex Matrosov, Richard Hughes, Kai Michaelis
2023-05-12

Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal

Conference:  Black Hat USA 2022
Authors:
2022-08-10

DeepPhish: Simulating Malicious AI

Conference:  BlackHat EU 2018
Authors:
2018-12-05

Maintaining TUF, a Talk

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Lukas Pühringer, Joshua Lock
2023-04-21

Open Sesame: Picking Locks with Cortana

Conference:  BlackHat USA 2018
Authors:
2018-08-08