[Gnuk-users] Hardware PIN pad
Ineiev
ineiev at gnu.org
Thu Feb 2 12:43:20 UTC 2017
On Thu, Feb 02, 2017 at 06:45:10AM +0100, NdK wrote:
> Il 02/02/2017 06:03, Ineiev ha scritto:
>
> > When the MCU on the pinpad gets tampered, its authentification code
> > is lost; if the pinpad can't authentificate, FST-01 powers it down.
> Well, when someone says "micro" for a keyboard, I'm biased to thinking
> "PIC". And standard PICs (the cheap ones) are notoriously quite weak,
> security-speaking. Extracting the whole firmware could take from a
> couple of minutes (w/o even needing to desolder it!) to a couple hours.
> Nothing that's not doable by the evil maid while you sleep.
You can see, it is not PIC; and killing programming pins with high
voltage may make the task more difficult.
> >> fw. And nowhere to hide a keylogger :)
> > What if the attackers replace the IO expander with a micro?
> He'd have to find (or have it custom-built) a pin-compatible one that
> acts as I2C slave.
Yes. take an IO expander, eviscerate it from the bottom and mount
an MCU there. no lasers or scanning microscopes.
> >> About $2.5 on AliExpress for single pieces.
> > (0) Does AliExpress sell to anonymous customers?
> As long as you pay...
> > (1) I wouldn't bet AliExpress will be available for residents
> > of my country within a year or even 6 months. in my local stores,
> > such things cost $12 or more (2-digit indicators may be cheaper
> > than $1).
> That's the price of autharchy...
>
> > I2C signals are fast-switching. when passed through a cable, they may
> > emit compromizing levels of radiation.
> Depends on the controlling pins. They can be slew-rate limited.
I2C bus requirements of MCP23017 reads: SDA and SCL fall time
(maximum, in 100kHz mode): 300ns max; for the MCU (ATmega48PA),
SDA and SCL rise time are 300ns max, output fall time is 250ns max.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20170202/ab6ac909/attachment.sig>
More information about the gnuk-users
mailing list