Vulnerability Development mailing list archives
Re: Modern hw-killing virus feasible
From: Ian Kayne <Ian.Kayne () SOFTLAB CO UK>
Date: Thu, 8 Mar 2001 09:46:57 -0000
This is an interesting point. AT&T provide a lot of those kind of cash-machines here in the UK, and I have the following on good authority (half our company came from AT&T a few years ago) There has recently been a problem in the UK that has necessitated the re-programming of a bunch of ATM's. I'll take the NatWest bank, as I know this is a valid example. NatWest recently impleted full colour LCD screens, all kinds of "order a new cheque book", "get a mini statement" etc etc features. However, in their infinite wisdom, no-one bothered to check the compatability of all these extra features in the "real world". When these machines were deployed, it was discovered that if you go in and out of some menus, ask for a ministatement printout (a bit of paper showing the last 15 transactions), then some cash, it would work fine. However, the next person that came along, as soon as they put their card in the machine and entered their pin number, the ATM would automatically give them the same amount of cash as the previous person recieved, without being prompted to. Ie: Bob goes to cash machine, puts card & pin number in, gets a ministatement, and withdraws £20 cash. Jon then goes to the machine, puts card & pin number in, and instantly the ATM gives him £20. Now, this is nothing as juicy as Jon not being debited for the £20 quid, but something else of interest. Apparently, when Bob returns to a cash machine, his last actions are stored either on his card or on the ATM network, and the machine instantly spits out £20 again. Once it has done this, everything returns to normal. To my interpretation, this sounds like a buffer overflow - the ATM can't handle the amount of data it has to store, therefore something has to give. Which is why any NatWest customers here in the UK will suddenly notice that their mini-statements only give the last 6 entries instead of the usual 10 or 15. This change was rolled out under the guise of "customer demand". Hmmmm. So, seeing as data is stored on your cash card & read by the ATM, would it be possible to create some kind of overrun attack? Just a thought... Ian Kayne Technical Specialist - IT Solutions Softlab Ltd - A BMW Company
-----Original Message----- From: Jon O. [mailto:jono () MICROSHAFT ORG] Sent: 07 March 2001 05:13 To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Modern hw-killing virus feasible A flash/bios virus may not be new or feasible right now (delivery issues) but it brings up a good point. There hasn't been a lot of thought given to protecting digital assets other than what we consider the internet or networks. However, once you become dependent on a thing, you can be controlled by that thing. We are very dependent on POS (Point-Of-Sale) devices and networks, ATM machines, etc. which provide a much better form of delivery. These devices are networked and allow media transfers from untrusted parties. This may sound impossible or not feasible, but I'm sure most of you read about Direct TV sending a couple bytes to blow hacked systems up (needless to say, they have 'fixed' the DTV countermeasures). People (you know who you are) are always finding ways to hack Palm Pilots, Benz door locks, etc. and it's just a matter of time before someone goes after POS network interfaces. For example, some free standing ATM machines actually dial-up (yes, you can hear the modem dial and the connection hiss) connections to the network. An ATM technician even told me that the line from the wall to the ATM, which is usually protected, was a T-1. When asked if someone could just pull it and hook back in, he stated that it would send an alarm to the CO, but a bridge would work fine. Does anyone have more information about these devices and what kind of risk we may actually be exposed to? Thanks, Jon http://www.securityreports.com On Tue, 6 Mar 2001, Bart wrote:Hi, Doesn't seem anything really new. The CIH Virus http://vil.mcafee.com/dispVirus.asp?virus_k=10300& )written in 1998 didsomething like what you are describing. On a set date ittried to flash thebios with garbage, making the infected pc unable to boot. Alot of hardware can probably be killed this way, as a lotof hardware thesedays have flashable eeprom's. The only problem is is thatthey have variousways of flashing the eeprom, thus making it (virtually)impossible for avirus to have a generic (flash-)payload for a lot of hardware. Kind Regards, Bart-----Oorspronkelijk bericht----- Van: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]Namens Pavel Machek Verzonden: maandag 5 maart 2001 23:34 Aan: VULN-DEV () SECURITYFOCUS COM Onderwerp: Modern hw-killing virus feasible Hi! Current DVD-regioning system provides *very* easy possibility for virus to render hardware unusable. Current DVD-roms allow setting DVD region for limited number of times. Imagine virus, that switches DVD between japan-regionand asia-regionas many times as it can. It would leave DVD lockedeither to japan orasia, effectively making it unusable for european/us citizen. Long time ago, rumors went that it is possible to killharddrive bysoftware. Then, old monitors could be damaged by software by missprograming them (but damage would take lot of time). Now DVDs provide effective way for software making them unusable.Pretty sad.Pavel-- I'm pavel () ucw cz. "In my country we have almost anarchyand I don't care."Panos Katsaloulis describing me w.r.t. patents atdiscuss () linmodems org
******************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use of the information contained within this email or attachments is strictly prohibited. Internet communications are not secure and Softlab does not accept any legal responsibility for the content of this message. Any opinions expressed in the email are those of the individual and not necessarily those of the Company. If you have received this email in error, or if you are concerned with the content of this email please notify the IT helpdesk by telephone on +44 (0)121 788 5480. ********************************************************************
Current thread:
- Re: Modern hw-killing virus feasible, (continued)
- Re: Modern hw-killing virus feasible Lucien Fransman (Mar 08)
- Re: Modern hw-killing virus feasible Ian Kayne (Mar 07)
- SV: Modern hw-killing virus feasible Christian Wettergren (privat) (Mar 08)
- Re: SV: Modern hw-killing virus feasible Lynn Crumbling (Mar 09)
- Re: SV: Modern hw-killing virus feasible Bruno Lustosa (Mar 09)
- SV: Modern hw-killing virus feasible Christian Wettergren (privat) (Mar 08)
- Re: Modern hw-killing virus feasible Ashworth, Robert C. [Contractor] (Mar 07)
- Re: Modern hw-killing virus feasible Michael Wojcik (Mar 07)
- Re: Modern hw-killing virus feasible Robert Sandilands (Mar 07)
- Re: Modern hw-killing virus feasible Peter Tonoli (Mar 08)
- Re: Modern hw-killing virus feasible Syzop (Mar 08)
- Re: Modern hw-killing virus feasible Ian Kayne (Mar 08)
- Re: Modern hw-killing virus feasible Matt Bell (Mar 08)
- FW: Modern hw-killing virus feasible Russell Munday (Mar 08)
- Re: Modern hw-killing virus feasible Jason Brvenik (Mar 08)
- Fw: Modern hw-killing virus feasible Cilice Cracker (Mar 09)
- Fw: Modern hw-killing virus feasible Cilice Cracker (Mar 09)