EEVblog #687 - EFTPOS PIN Pad Terminal Teardown

[EEVblog]

What's inside a smart card pinpad EFTPOS terminal?
Dave looks at the anti-tamper mechanisms inside a Sagem Monetel secure PIN pad

DS5240 High-Speed Secure Microcontroller
http://datasheets.maximintegrated.com/en/ds/DS5240.pdf

MAX32550 DeepCover Secure Cortex-M3 Flash Microcontroller
http://datasheets.maximintegrated.com/en/ds/MAX32550.pdf

http://www.onsemi.com/pub/Collateral/NCN6004A-D.PDF

[josem]

Very interesting ( and I love the 50 fps video!).

Just a note, those SIM slots aren't actually for mobile network access, they're Secure access module (SAMs) used as secure elements for the encryption.

See https://en.wikipedia.org/wiki/Secure_access_module for an overview.

[max_torque]

Wouldn't each individual unit need to authenticate itself with the EFT network?  That way, no one can just substitute a hacked device in place of an existing device?

[mikeselectricstuff]

The SIM slots are to do with the security/payment processing stuff - they use the same type of smartcard.   Probably just one of them is for the optional GSM modem
Here's a Teardown I did a while ago - this one has more anti-tamper features

[G7PSK]

There was a program on TV a couple of months back about chip and pin machines, the TV company got a hacked unit from a man in Canada, the hacked unit would then send out all the card info and the person who purchased the machine could the access the information on the web. It only took about 24 hours from contacting the man in Canada to the reporter receiving the unit. What I understood from the program was the machines were being reprogrammed in some way. Apparently many restaurants are using such machines.

[Sionyn]

ive posted these here before





This is a good introduction into SIM type smart cards

[coppice]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

[Sionyn]

here's a example of a high profile attack, these machines were compromised during manufacture
http://www.telegraph.co.uk/news/uknews/law-and-order/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

[mikeselectricstuff]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

Yes, but if they embed a tamper-detect mesh in the potting it gets a lot harder.
Having to keep everything powered during depotting also limits options.

[Fungus]

Wouldn't each individual unit need to authenticate itself with the EFT network?  That way, no one can just substitute a hacked device in place of an existing device?

Thieves don't care if somebody else receives your payments for a while.

Edit: All they need is access to your machine long enough to install a recording device for card swipes and keypresses. They swap yours for another one that looks the same, take yours to the bathroom, hack it, then swap it back again.

[Fungus]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

Presumably you have to keep the thing powered up while you de-pot it. That makes it very difficult to just dump the PCB in some solvent.

[Fungus]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

[SeanB]

I took one apart a while ago, still have the bits around I see in a box.

Here is a similar protection method, used in a postal meter to store the postage purchased.


IMG_1225 by SeanB_ZA, on Flickr


Under small cover by SeanB_ZA, on Flickr

Here is the card terminal main board, every board has a battery on it for back up.


underside by SeanB_ZA, on Flickr


remote board underside by SeanB_ZA, on Flickr


chip card interface top by SeanB_ZA, on Flickr


pots modem board top by SeanB_ZA, on Flickr

[coppice]

here's a example of a high profile attack, these machines were compromised during manufacture
http://www.telegraph.co.uk/news/uknews/law-and-order/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

I've read about that one before, and its bizarre. The critical silicon in machines like this are developed by trusted teams, in trusted labs. The chips are made in trusted fabs, which cst a fortune to qualify as trusted. No module designs may be imported into the chip design, unless they come from another trusted team. It seems after all this care is taken with the chips they just got "some guys in China" to assemble them into a product.

[EvilGeniusSkis]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

dremal a slot in the side of the case and slide a piece of something conductive under the keypad to complete the circuit for the security buttons.

[SAI_Peregrinus]

Tarnovsky's talk on hacking a TPM. What sorts of tamper-proofing one can get through generally is simply a matter of time and budget. FIB workstations are in the millions of dollars.

http://krebsonsecurity.com/category/all-about-skimmers/

Brian Krebs' site has good info on card skimmers.

[Supercharged]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

Maybe drill a hole next to the security switches and try to connect them (using solder paste or something).

[SeanB]

I actually have some of those sim like modules, came from a payphone.

[nitro2k01]

That unpopulated connector near the big exposed ground plane looks like a PCI connector, which would be used for the optional GPRS module. The unpopulated stuff on the other side is likely just power conversion for said module.

[Fungus]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

Maybe drill a hole next to the security switches and try to connect them (using solder paste or something).

Leaving holes/marks on the top is probably bad. Somebody will notice. You might be able to go down the gap at the side of one of the adjacent keys though, or just rip one of the adjacent keys out to get access and replace the whole keyboard membrane when you're done hacking.

Or ... maybe you could push a syringe needle through one of the adjacent keys and get there that way. Inject some of that silver paint they sell for repairing PCB traces onto the PCB.

I notice there's an exposed contact all around the security pads. It probably trips the switch if you short one of the pad's contacts to that. This would prevent you sliding conductive things under the membrane to make a contact. It also means you'd have to be very precise with your syringe (or whatever).

[alxnik]

SAGEM, the company that used to make them was bought by ingenico, so this is the last SAGEM branded model. It's obsolete by 2 generations since generally these things go out of style (and certifications) very quick. This specific device cannot be installed in europe anymore since it's not allowed by the PCI.

These things are serviceable by authorised dealers. Easy stuff, change the board, change the printer etc. In order to have it running again, you need to use a comissioning process which inject the keys inside using specialized tools. So no, these are not 1 use only.

Now on the security side. When there is a security breach, the only thing that gets erased are the banking keys (and a big flashing key on the screen when it powers on). Without the banking keys, no transaction can happen. Practically there is no way to steal the banking keys themselves (even after bypassing the security) apart from depotting the cryptoprocessor or something. It's true that the cryptoprocessor is sensitive to voltage, temperature and humidity variations, which makes even depotting practically impossible.

The main reason for the banking keys are to protect the PIN itself. The cleartext pin only has to travel between the pinad (physical keypresses) and the cryptoprocessor where it gets encrypted. The whole idea of tamper resistant and tamper evident is that if a person tries to install a skimming device, the POS stops working altogether (and the big flashing key thingy...). The magstripe data are irelevant to the security since it can be easily stolen anyway if magnetic stripe is used (mainly USA, europe moved away).

The SAM slots which are used to insert smartcards are mainly for legacy applications since they were used as encryption devices in the olden days (10 years ago?), but because of PCI nowadays the only device that is allowed to be used as an encryption device is the secure cryptoprocessor.

The USBs on the side are indeed for software loading.
The applications (firmware) that are installed need to be cryptographically signed which means that:
a. only authorized persons can install software
b. if malicious software is found, its source can be found

Can it be hacked? Probably. I have personally worked in the industry for some time and I have never seen or heard of a PCI certified EFTPOS terminal being hacked into a skimming device or whatever. Usually the easier targets are the ATMs or the less secure EFTPOS terminals that are used in the US.

One interesting bit. Although I personally haven't used this feature and I am not 100% sure about it, I think the big cap is used as a micro-UPS. When the power is cut, the banking application gets a "power is cut" interrupt which gives it just enough time to save the state it's in. This is very useful so that no wrong bank charges happen.

[Fungus]

Tarnovsky's talk on hacking a TPM. What sorts of tamper-proofing one can get through generally is simply a matter of time and budget. FIB workstations are in the millions of dollars.

Good video.

[Noah]

Wow, first time i see a board with a layermarker outside my company. So we are not the only one who still put them on the pcb.

My idea for hacking would be clipping the first tacktile switch, open the case and then try to probe some vias and sniff on the traces of the keypad.

[EEVblog]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

Presumably you have to keep the thing powered up while you de-pot it. That makes it very difficult to just dump the PCB in some solvent.

Yes, that's the whole idea. The keys are in SRAM and you can put extra anti-tamper in the potting. Should have mentioned that.

[EEVblog]

I've read about that one before, and its bizarre. The critical silicon in machines like this are developed by trusted teams, in trusted labs.

This is all part fo the standard, which as I briefly mentioned included the handling and management of device as well.