7 sins of atm
play

7 sins of ATM protection against logical attacks Timur Yunusov - PowerPoint PPT Presentation

Sep 30, 2023 •191 likes •647 views

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com whoami Positive Technologies (from 2009) Application security researcher (from 2009) Banking systems

  1. Заголовок 7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

  2. Заголовок whoami • Positive Technologies (from 2009) • Application security researcher (from 2009) • Banking systems security senior expert (from 2012) • Big fan of #nullcon • Always in search/research ;)

  3. Заголовок whoami • Positive Technologies (from 2009) • Application security researcher (from 2009) • Banking systems security senior expert (from 2012) • Big fan of #nullcon • Always in search/research ;) 10+ ATMs for the last year

  4. Заголовок ATM security assessment

  5. Заголовок 7 sins • Kiosk bypass techniques • Privilege escalation techniques • Application control software bypass • Network physical layer • Device management • OS / Software vulns / OS • Booting process Kiosk mode bypass • Logical vulnerabilities Network • Network attacks • Hardware attacks Hardware

  6. Заголовок Blackbox Blackbox is dead

  7. Заголовок Blackbox Blackbox is dead

  8. Заголовок Blackbox Have strong crypto btw dispenser and OS? Blackbox is (almost) Yes dead (for researchers) BB is not BB is possible possible

  9. Заголовок Kiosk mode bypass Kiosk mode bypass Windows XP/7

  10. Заголовок Kiosk mode bypass • Safe mode • Hotkeys • Windows Plug&Play • Race condition

  11. Заголовок Safe mode • F8 + Safe mode with command line • DS restore mode • AC/DC fun

  12. Заголовок Hotkeys • Win+R

  13. Заголовок Hotkeys • Win+R • Alt+Tab • Alt+F4 • Alt+Shift+ESC • F1-F12 • Shift x5 (Windows 7 only) • Win+(etc) http://www.techrepublic.com/blog/windows-and-office/the- complete-list-of-windows-logo-keyboard-shortcuts/

  14. Заголовок AlwaysOnTop This ATM is Out Of Service, Sorry for inconvenience

  15. Заголовок AlwaysOnTop This ATM is Out Of Service, Sorry for inconvenience • Disabling mouse icon • AlwaysOnTop

  16. Заголовок P&P

  17. Заголовок P&P

  18. Заголовок P&P video/screenshot

  19. Заголовок End of the story

  20. Заголовок Privilege escalation techniques • How exactly we extract money?

  21. Заголовок Privilege escalation techniques • FS restrictions • Local Security Policy restrictions

  22. Заголовок Privilege escalation techniques • Arbitrary command execute - XFS API • Command execute - priv escalation • Write files/registry - modify sec configs

  23. Заголовок Privilege escalation techniques • Arbitrary command execute - XFS API • Command execute - priv escalation • Write files/registry - modify sec configs • Read files - ***

  24. Заголовок App control software bypass Story so far… • https://evi1cg.me/archives/AppLocker_Bypass_Techniques.html • https://cansecwest.com/slides/2016/CSW2016_Freingruber_Bypassi ng_Application_Whitelisting.pdf

  25. Заголовок Security software bypass • McAfee Solidcore - https://www.ptsecurity.com/ww-en/about/news/131496/ • MS Applocker - http://www.blackhillsinfosec.com/?p=5257 – State of Art! • etc (6 total different products) – stay tuned! • 0days (5 total, in process of fixing): network, local, logical • Misconfiguration • Whitelist Memory Execution: IE, rundll32, powershell, java, etc

  26. Заголовок Security software bypass

  27. Заголовок Network • Processing • Track2 • OS services • Software services (Solidcore, UPDD, etc) • Processing • Track2 VPN TLS MAC + Firewall • Processing

  28. Заголовок Network vulns • VPN disabling • Logical vulns part • TLS disabling • MAC disabling • Files/registry manipulations

  29. Заголовок Network/Hardware layer • 3G industrial modem • Long story short http://blog.ptsecurity.com/2015/12/critical- vulnerabilities-in-3g4g-modems.html • Security measures • VPN channel • Private APN • Result • ATM network infection • Processing access

  30. Заголовок Network/Hardware layer • Access to *:80 • Auth bypass • Physical access • Proper VPN protocols(((

  31. Заголовок Device mgmt How to do all hacking stuff much easier?

  32. Заголовок Device mgmt • Keyboard/mouse • Teensy • Network card • fw bypass • plug&play • USB drive • local access to Exe file content • plug&play • MS13-081

  33. Заголовок Booting process The easiest way is…

  34. Заголовок Booting process • BIOS pwd • Network load • Safe mode • Physical access • OS access • Same passwords story • Bootkit • Software skimming

  35. Заголовок Logical vulns How it happened?

  36. Заголовок Logical vulns • Security tools runs from regedit/autorun • Shift x5 • Win+U • Security race condition • Hash(loooooooong file) • exploit.exe at the same time • Ctrl+C

  37. Заголовок Logical vulns

  38. Заголовок Logical vulns • VPN disabling

  39. Заголовок Logical vulns • FS access is strictly prohibited

  40. Заголовок Logical vulns • FTP is strictly prohibited!

  41. Заголовок Summary Windows 7 SP1 ATM Windows XP SP3 ATM Kiosk bypass Hotkeys/Safe mode KeyboardDisabler bypass App control bypass 0day/Trusted soft Untrusted booting Privilege escalation 0day/MS15-051 Untrusted booting VPN/TLS disabling Misconfiguration/FS Untrusted booting Social Engineering Misconfiguration/FS - Untrusted boot BIOS accessing from OS No password Network attacks MAC/TLS/VPN/App service MAC/TLS/VPN/OS services

  42. Заголовок How all that happens? • Security through obscurity is not an option! • You should know your landscape and your threat model • Use compliance management tools instead of paper • In case of impossibility of fixing vulns, use mitigation measures like SIEM

  43. Заголовок Greetz • Anon guy ;-) • Positive Technologies researchers teams: • ICS/SCADA • Reverse Engineering • Banking security

  44. Заголовок Contacts http://uk.linkedin.com/in/tyunusov tyunusov@ptsecurity.com a66at

  45. Заголовок Thank You! ptsecurity.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Grace Q&A with Ken Legg 1) What does this mean? If you forgive the sins of any, they

Grace Q&A with Ken Legg 1) What does this mean? If you forgive the sins of any, they

Grace Q&A with Ken Legg 1) What does this mean? If you forgive the sins of any, they are forgiven them; if you retain the sins of any, they are retained (John 20:23) 1) Only God can forgive sins 2) All our sins were paid for at

609 views • 24 slides
The Seven (More) DEADLY SINS OF Microservices Daniel Bryant @ danielbryantuk OpencRedo

The Seven (More) DEADLY SINS OF Microservices Daniel Bryant @ danielbryantuk OpencRedo

The Seven (More) DEADLY SINS OF Microservices Daniel Bryant @ danielbryantuk OpencRedo Previously, AT QCON NYC 2015... https://www.infoq.com/presentations/7-sins-microservices 14/06/2016 @danielbryantuk The Seven (more) Deadly Sins of

979 views • 60 slides
The Seven (More) DEADLY SINS OF Microservices @ danielbryantuk @ spectolabs Previously, AT Devoxx

The Seven (More) DEADLY SINS OF Microservices @ danielbryantuk @ spectolabs Previously, AT Devoxx

The Seven (More) DEADLY SINS OF Microservices @ danielbryantuk @ spectolabs Previously, AT Devoxx UK & QCON NYC 2015... https://www.infoq.com/presentations/7-sins-microservices 01/05/2017 @danielbryantuk The Seven (more) Deadly Sins of

939 views • 53 slides
The 7 Deadly Sins of Running a Ministry (and how

The 7 Deadly Sins of Running a Ministry (and how

The 7 Deadly Sins of Running a Ministry (and how not to let your human nature throw your call from God down the toilet) presented

756 views • 57 slides
And when He had said this, He breathed on them, and said to them, Receive the Holy Spirit. If

And when He had said this, He breathed on them, and said to them, Receive the Holy Spirit. If

And when He had said this, He breathed on them, and said to them, Receive the Holy Spirit. If you forgive the sins of any, they are forgiven them; if you retain the sins of any, they are retained. John 20:22-23 The Last Words of Christ

1.87k views • 183 slides
Genesis 3:1-24 Micah 7:19 (NIV) 19 You will again have compassion on us; you will tread our sins

Genesis 3:1-24 Micah 7:19 (NIV) 19 You will again have compassion on us; you will tread our sins

Genesis 3:1-24 Micah 7:19 (NIV) 19 You will again have compassion on us; you will tread our sins underfoot and hurl all our iniquities into the depths of the sea.

479 views • 14 slides
Bar of Soap 1 John 1:9 If we confess our sins, He is He is fa fait ithfu ful l an and

Bar of Soap 1 John 1:9 If we confess our sins, He is He is fa fait ithfu ful l an and

The Christians Bar of Soap 1 John 1:9 If we confess our sins, He is He is fa fait ithfu ful l an and ju just to fo forgiv give e us our sin ins an and to cl clea eanse us e us fr from m al all l unrighteousness.

889 views • 56 slides
States Growing Interest in Sins Despite Shrinking Sin Tax Revenues National Tax

States Growing Interest in Sins Despite Shrinking Sin Tax Revenues National Tax

States Growing Interest in Sins Despite Shrinking Sin Tax Revenues National Tax Association 49th Annual Spring Symposium May 17, 2019 Lucy Dadayan and Richard Auxier Cigarette / tobacco taxation 1864 Federal government enacted

346 views • 20 slides
The 7 Deadly Sins of DevOps Presented by: Larry

The 7 Deadly Sins of DevOps Presented by: Larry

AT5 DevOps Practices Thursday, November 7th, 2019 10:00 AM The 7 Deadly Sins of DevOps Presented by: Larry Maccherone

463 views • 3 slides
1 2 Through the symbolism of the two goats and the actions of the High Priest we understand

1 2 Through the symbolism of the two goats and the actions of the High Priest we understand

1 2 Through the symbolism of the two goats and the actions of the High Priest we understand the meaning of this very important holyday REMO REMOVAL AL AND AND FO FORGIVENESS GIVENESS OF OF OUR SINS OUR SINS BY BY THE THE PO POWER

861 views • 69 slides
If your ur br brother ther sins ns ag agains ainst you, ou, go o and and tell hi him

If your ur br brother ther sins ns ag agains ainst you, ou, go o and and tell hi him

Ma Mathe hew w 18:1 :15-20 (ESV) V) If your ur br brother ther sins ns ag agains ainst you, ou, go o and and tell hi him his his fault, ult, between een you u and and hi him al alone one. If f he he listens ens to

1.03k views • 15 slides
The Tale of Two Sins: Regulation of Gambling and Tobacco Richard A. McGowan,S.J. Boston

The Tale of Two Sins: Regulation of Gambling and Tobacco Richard A. McGowan,S.J. Boston

The Tale of Two Sins: Regulation of Gambling and Tobacco Richard A. McGowan,S.J. Boston College 1964 Tobacco: 40% of the Adult Population Smoke cigarettes. Smoking was permitted in all public places; 15% of TV network advertising

305 views • 13 slides
We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel

510 views • 39 slides
CAN THE GOLD INDUSTRY AVOID THE SINS OF THE PAST? NICK HOLLAND CEO GOLD FIELDS To come to

CAN THE GOLD INDUSTRY AVOID THE SINS OF THE PAST? NICK HOLLAND CEO GOLD FIELDS To come to

AUSTRALIAN INTERNATIONAL MINE MANAGEMENT CONFERENCE 22 AUGUST 2016 CAN THE GOLD INDUSTRY AVOID THE SINS OF THE PAST? NICK HOLLAND CEO GOLD FIELDS To come to our conclusions, we have analysed MESSAGE OF THE PRESENTATION financial and

580 views • 37 slides
Seven (+-2) Sins of Concurrency Chen Shapira In which I will show classical concurrency problems

Seven (+-2) Sins of Concurrency Chen Shapira In which I will show classical concurrency problems

Seven (+-2) Sins of Concurrency Chen Shapira In which I will show classical concurrency problems and some techniques of detecting and avoiding them I have a B.Sc. in CS and Statistics, OCP, 10 years of production IT experience and Im an

946 views • 46 slides
I am writing to you, dear children, because your sins have been forgiven on account of His

I am writing to you, dear children, because your sins have been forgiven on account of His

I am writing to you, dear children, because your sins have been forgiven on account of His name. I am writing to you, fathers, because you know Him who is from the beginning. I am writing to you, young men, because you have overcome the evil

749 views • 35 slides
WHY YOU WILL SOON SEE 100S OF NEW NFC APPLICATIONS HOW IOS11 AND NXP CAN BOOST YOUR BUSINESS

WHY YOU WILL SOON SEE 100S OF NEW NFC APPLICATIONS HOW IOS11 AND NXP CAN BOOST YOUR BUSINESS

WHY YOU WILL SOON SEE 100S OF NEW NFC APPLICATIONS HOW IOS11 AND NXP CAN BOOST YOUR BUSINESS JORDI JOFRE 24/10/2017 PUBLIC Agenda The NFC journey including iOS 11 release Key NFC use cases with smartphones NXP NFC portfolio

338 views • 32 slides
BINARY-LEVEL SECURITY: SEMANTIC ANALYSIS TO THE RESCUE Sbastien Bardin (CEA LIST) Joint work

BINARY-LEVEL SECURITY: SEMANTIC ANALYSIS TO THE RESCUE Sbastien Bardin (CEA LIST) Joint work

BINARY-LEVEL SECURITY: SEMANTIC ANALYSIS TO THE RESCUE Sbastien Bardin (CEA LIST) Joint work with Richard Bonichon, Robin David, Adel Djoudi & many other people Sbastien Bardin -- ISSISP 2017 | 1 ABOUT MY LAB @CEA Sbastien Bardin

1.11k views • 87 slides
Network Security Dr. Haojin Zhu Zhu-hj@cs.sjtu.edu.cn https://nsec.sjtu.edu.cn/ 1 About

Network Security Dr. Haojin Zhu Zhu-hj@cs.sjtu.edu.cn https://nsec.sjtu.edu.cn/ 1 About

Network Security Dr. Haojin Zhu Zhu-hj@cs.sjtu.edu.cn https://nsec.sjtu.edu.cn/ 1 About Instructor Dr. Haojin Zhu, Professor of Computer Science and Engineering Department https://nsec.sjtu.edu.cn/ zhu-hj@cs.sjtu.edu.cn Office:

748 views • 56 slides
How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November 2014 B-Sides Vienna Sebastian Bachmann & Tibor Eli as How we hacked Online Banking Malware 22. November 2014 1 / 55 About Us About:

576 views • 55 slides
Week 9 Page 1 Lab Session Activities Homework assignment #9 Team Homework Assignment #9

Week 9 Page 1 Lab Session Activities Homework assignment #9 Team Homework Assignment #9

Week 9 Page 1 Lab Session Activities Homework assignment #9 Team Homework Assignment #9 http://www.csun.edu/~twang/380/HW/HW9.pdf Page 2 1. Requirements of the ATM Simulator The software to be designed will control a simulated automated

567 views • 28 slides
Detector Support System Cost estimate at Conceptual Design Jim Stewart DUNE CDR: DSS Review

Detector Support System Cost estimate at Conceptual Design Jim Stewart DUNE CDR: DSS Review

Detector Support System Cost estimate at Conceptual Design Jim Stewart DUNE CDR: DSS Review August 20 2018 INDICO Agenda h.ps://indico.fnal.gov/event/17719/other-view?view=standard Content Methodology for the Cost Estimate

461 views • 22 slides
Stuart Schechter Cormac Herley Michael Mitzenmacher Why are we doing this to our users? Threat

Stuart Schechter Cormac Herley Michael Mitzenmacher Why are we doing this to our users? Threat

Your email address: Choose a password: Stuart Schechter Cormac Herley Michael Mitzenmacher Why are we doing this to our users? Threat 1: Password file compromised stus, 0xCF832A834 0xC86A00386 cormac, michaelm, 0x0DB015528 helenw,

761 views • 53 slides
Chapter 6: System Data Files and Information CMPS 105: Systems Programming Prof. Scott Brandt T

Chapter 6: System Data Files and Information CMPS 105: Systems Programming Prof. Scott Brandt T

Chapter 6: System Data Files and Information CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2, Rm. 167 Introduction Lots of system parameters, configuration information, and status information is stored in files

150 views • 14 slides

More recommend