[Gnuk-users] Hardware PIN pad
NdK
ndk.clanbo at gmail.com
Thu Feb 2 05:45:10 UTC 2017
Il 02/02/2017 06:03, Ineiev ha scritto:
> When the MCU on the pinpad gets tampered, its authentification code
> is lost; if the pinpad can't authentificate, FST-01 powers it down.
Well, when someone says "micro" for a keyboard, I'm biased to thinking
"PIC". And standard PICs (the cheap ones) are notoriously quite weak,
security-speaking. Extracting the whole firmware could take from a
couple of minutes (w/o even needing to desolder it!) to a couple hours.
Nothing that's not doable by the evil maid while you sleep.
>> fw. And nowhere to hide a keylogger :)
> What if the attackers replace the IO expander with a micro?
He'd have to find (or have it custom-built) a pin-compatible one that
acts as I2C slave.
>> About $2.5 on AliExpress for single pieces.
> (0) Does AliExpress sell to anonymous customers?
As long as you pay...
> (1) I wouldn't bet AliExpress will be available for residents
> of my country within a year or even 6 months. in my local stores,
> such things cost $12 or more (2-digit indicators may be cheaper
> than $1).
That's the price of autharchy...
> I2C signals are fast-switching. when passed through a cable, they may
> emit compromizing levels of radiation.
Depends on the controlling pins. They can be slew-rate limited.
BYtE,
Diego
More information about the gnuk-users
mailing list