Carding and "black boxes": how ATMs are robbed today

The iron boxes full of money that stand on city streets attract the attention of people looking for quick cash. Where purely physical methods were once used to empty ATMs, increasingly sophisticated computer-based techniques are now in use. The most relevant of them today is the "black box" with a single-board microcomputer inside. This article describes how it works.

- The evolution of ATM carding
- First acquaintance with the "black box"
- Analysis of ATM communications
- Where do "black boxes" come from?
- The "last mile" and the fake processing center

The head of the International ATM Manufacturers Association (ATMIA) singled out "black boxes" as the most dangerous threat to ATMs.

A typical ATM is a set of ready-made electromechanical components housed in a single enclosure. ATM manufacturers build their hardware from a bill dispenser, a card reader and other components already developed by third-party vendors. It is a kind of LEGO set for adults. The finished components are placed in the ATM body, which usually consists of two compartments: an upper compartment (the "cabinet" or "service area") and a lower compartment (the safe). All electromechanical components are connected via USB and COM ports to the system unit, which in this case acts as the host. On older ATM models you can also find connections via the SDC bus.

The evolution of ATM carding

ATMs with large sums of money inside constantly attract carders. At first, carders exploited only gross physical weaknesses in ATM protection: they used skimmers and shimmers to steal data from magnetic stripes; fake PIN pads and cameras to capture PIN codes; and even fake ATMs.

Then, when ATMs began to be equipped with unified software that works according to common standards, such as XFS (eXtensions for Financial Services), carders began to attack ATMs with computer viruses.

Among them are Trojan.Skimmer, Backdoor.Win32.Skimer, Ploutus, ATMii and many other named and unnamed malware families, which carders plant on the ATM host either via a bootable USB flash drive or via a TCP remote control port.

Figure: ATM infection process

Having taken over the XFS subsystem, the malware can issue commands to the banknote dispenser without authorization. It can also give commands to the card reader: read or write the magnetic stripe of a bank card and even retrieve the transaction history stored on the EMV card chip. The EPP (Encrypting PIN Pad) deserves special attention. It is generally accepted that a PIN code entered on it cannot be intercepted. However, XFS allows the EPP PIN pad to be used in two modes: 1) open mode (for entering various numeric parameters, such as the amount to be withdrawn); 2) secure mode (the EPP switches to it when a PIN code or an encryption key has to be entered). This feature of XFS allows a carder to carry out a MiTM attack: intercept the secure-mode activation command sent from the host to the EPP, and then tell the EPP PIN pad to keep working in open mode. In response to this message, the EPP sends keystrokes in clear text.

Figure: Operating principle of the "black box"

In recent years, according to Europol, ATM malware has evolved significantly. Carders no longer need physical access to an ATM to infect it. They can infect ATMs through remote network attacks that use the bank's corporate network. According to Group-IB, in 2016 ATMs in more than ten European countries were subjected to remote attacks.

Figure: Attack on an ATM via remote access

Antivirus software, blocking of firmware updates, blocking of USB ports and hard drive encryption protect the ATM, to some extent, from virus attacks by carders. But what if the carder does not attack the host, but connects directly to the periphery (via RS232 or USB): to the card reader, the PIN pad or the cash dispenser?

First acquaintance with the "black box"

Today tech-savvy carders do exactly that, using so-called "black boxes" to steal cash from ATMs. "Black boxes" are specially programmed single-board microcomputers, such as the Raspberry Pi. "Black boxes" empty ATMs completely, in a way that looks entirely magical from the bankers' point of view. Carders connect their device directly to the bill dispenser and extract all the money available in it. This attack bypasses all the security software deployed on the ATM host (antivirus, integrity monitoring, full disk encryption, and so on).

Figure: "Black box" based on a Raspberry Pi

The largest ATM manufacturers and government intelligence agencies, having encountered several implementations of the "black box", warn that these clever computers make ATMs spit out all the available cash: 40 banknotes every 20 seconds. Security services also warn that carders most often target ATMs in pharmacies and shopping centers, as well as ATMs that serve motorists on the go.

At the same time, to avoid appearing in front of the cameras, the most cautious carders enlist the help of a less valuable partner, a mule. And so that the mule cannot appropriate the "black box" for himself, they use the following scheme. They remove the key functionality from the "black box" and connect a smartphone to it, which is used as a channel for remotely sending commands to the stripped-down "black box" over the IP protocol.

Figure: Modification of the "black box", with activation via remote access

What does this look like from the bankers' point of view? In recordings from video cameras, something like this happens: a person opens the upper compartment (the service area), connects the "magic box" to the ATM, closes the upper compartment and leaves. A little later, several people who look like ordinary customers approach the ATM and withdraw huge amounts of money. The carder then returns and retrieves his little magic device from the ATM. Usually, a "black box" attack on an ATM is discovered only after a few days, when the empty safe and the cash withdrawal log do not match. As a result, bank employees can only scratch their heads.
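The mismatch described above, between what left the safe and what the withdrawal log recorded, can be checked continuously rather than days later. The following is an added example, not code from the article: it compares host-journaled dispenses with readings from an independent note counter and correlates gaps with cabinet openings outside service windows. The counter telemetry, the door sensor feed, all sample data and the function names are assumptions.

```python
from datetime import datetime, timedelta

# All data below is constructed for this example.
HOST_JOURNAL = [            # (time, notes) dispenses journaled by host software
    ("2024-05-01T10:02:00", 5),
    ("2024-05-01T10:40:00", 10),
    ("2024-05-01T12:15:00", 4),
]
COUNTER_READINGS = [        # (time, cumulative notes) from the assumed counter
    ("2024-05-01T10:00:00", 1000),
    ("2024-05-01T11:00:00", 1015),
    ("2024-05-01T12:00:00", 1135),
    ("2024-05-01T13:00:00", 1139),
]
CABINET_OPENS = ["2024-05-01T11:05:00"]   # upper-compartment door sensor events
SERVICE_WINDOWS = [("2024-05-01T08:00:00", "2024-05-01T09:00:00")]

def _ts(text):
    return datetime.fromisoformat(text)

def unjournaled_dispenses(journal, readings):
    """Intervals where more notes left the dispenser than the host journaled."""
    findings = []
    for (t0, c0), (t1, c1) in zip(readings, readings[1:]):
        journaled = sum(n for t, n in journal if _ts(t0) <= _ts(t) < _ts(t1))
        missing = (c1 - c0) - journaled
        if missing > 0:
            findings.append({"start": t0, "end": t1, "missing_notes": missing})
    return findings

def unscheduled_opens(opens, windows):
    """Cabinet openings that fall outside every approved service window."""
    return [t for t in opens
            if not any(_ts(a) <= _ts(t) <= _ts(b) for a, b in windows)]

def triage(journal, readings, opens, windows, lookback=timedelta(hours=2)):
    """Attach unscheduled cabinet openings that precede each discrepancy."""
    suspicious = unscheduled_opens(opens, windows)
    alerts = []
    for finding in unjournaled_dispenses(journal, readings):
        near = [t for t in suspicious
                if _ts(finding["end"]) - lookback <= _ts(t) <= _ts(finding["end"])]
        alerts.append({**finding, "cabinet_opens": near})
    return alerts

if __name__ == "__main__":
    for alert in triage(HOST_JOURNAL, COUNTER_READINGS, CABINET_OPENS, SERVICE_WINDOWS):
        print(alert)
```

With the constructed data, the 11:00 to 12:00 interval shows 120 notes dispensed with nothing journaled, shortly after an unscheduled cabinet opening.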

Analysis of ATM communications

As noted above, the system unit and the peripheral devices interact via USB, RS232 or SDC. The carder connects directly to the port of the peripheral device and sends commands to it, bypassing the host. This is quite simple, because the standard interfaces do not require any specific drivers. And the proprietary protocols by which the peripheral and the host interact do not require authorization (after all, the device sits inside a trusted zone); as a result, these insecure protocols between the peripherals and the host are easy to eavesdrop on and easily susceptible to replay attacks.

Thus, carders can use a software or hardware traffic analyzer, connecting it directly to the port of a specific peripheral device (for example, the card reader) to collect the transmitted data. Using a traffic analyzer, the carder learns all the technical details of the ATM's operation, including undocumented functions of its peripherals (for example, the function for changing the firmware of a peripheral device). As a result, the carder gains full control over the ATM. At the same time, the presence of a traffic analyzer is quite difficult to detect.

Direct control over the banknote dispenser means that the ATM cassettes can be emptied without any record in the logs, which are normally written by software deployed on the host. To those unfamiliar with ATM hardware and software architecture, it can look like magic.

Where do "black boxes" come from?

ATM vendors and subcontractors develop debugging utilities to diagnose ATM hardware, including the electromechanics responsible for cash withdrawal. Among these utilities are ATMDesk and RapidFire ATM XFS. The figure below shows several more such diagnostic utilities.

Figure: ATMDesk Control Panel

Figure: RapidFire ATM XFS Control Panel

Figure: Comparative characteristics of several diagnostic utilities

Access to such utilities is normally restricted by personalized tokens, and they work only when the ATM safe door is open. However, simply by replacing a few bytes in the utility's binary code, carders can "test" cash withdrawal, bypassing the checks provided by the utility's manufacturer. Carders install such modified utilities on their laptop or single-board microcomputer, which is then connected directly to the banknote dispenser for unauthorized cash withdrawal.

The "last mile" and the fake processing center

Direct interaction with the periphery, without communicating with the host, is only one of the effective carding techniques. Other techniques rely on the wide variety of network interfaces through which the ATM communicates with the outside world, from X.25 to Ethernet and cellular. Many ATMs can be identified and located using the Shodan service (the most concise instructions for its use are presented here), followed by an attack that exploits a vulnerable security configuration, administrator laziness and poor communication between the bank's various departments.

The "last mile" of communication between the ATM and the processing center is rich in a wide variety of technologies that can serve as an entry point for a carder. Interaction can take place over a wired (telephone line or Ethernet) or wireless (Wi-Fi, cellular: CDMA, GSM, UMTS, LTE) communication channel. Security mechanisms may include: 1) hardware or software VPN support (both standard, built into the OS, and from third parties); 2) SSL/TLS (both specific to a particular ATM model and from third-party manufacturers); 3) encryption; 4) message authentication.

However, it seems that banks find the listed technologies very complex, and so they do not bother with special network protection, or they implement it with errors. In the best case, the ATM connects to a VPN server and, once inside the private network, connects to the processing center. Moreover, even if banks manage to implement the protective mechanisms listed above, the carder already has effective attacks against them. Thus, even if security complies with the PCI DSS standard, ATMs are still vulnerable.

One of the core requirements of PCI DSS is that all sensitive data must be encrypted when it is transmitted over a public network. And we really do have networks that were originally designed so that the data in them is fully encrypted! It is therefore tempting to say: "Our data is encrypted because we use Wi-Fi and GSM." However, many of these networks do not provide sufficient protection. Cellular networks of all generations were broken long ago, finally and irrevocably. There are even vendors who offer devices for intercepting data transmitted over them.

Therefore, whether over an insecure communication channel or in a "private" network, where each ATM broadcasts itself to the other ATMs, a MiTM "fake processing center" attack can be initiated, which leads to the carder seizing control of the data flows transmitted between the ATM and the processing center.

Thousands of ATMs are potentially affected by such MiTM attacks. On the way to the genuine processing center, the carder inserts his own, fake one. This fake processing center gives the ATM commands to dispense banknotes. The carder configures his processing center so that cash is dispensed regardless of which card is inserted into the ATM, even if it has expired or has a zero balance. The main thing is that the fake processing center "recognizes" it. The fake processing center can be either a homemade product or a processing center simulator originally developed for debugging network settings (another gift from the "manufacturer" to carders).

The following figure shows a dump of commands to dispense 40 banknotes from the fourth cassette, sent from the fake processing center and stored in the ATM software logs. They look almost genuine.

Figure: Command dump of a fake processing center
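Both the host-to-peripheral protocols described under "Analysis of ATM communications" and the ATM-to-processing-center link in this section fail when the receiver accepts any well-formed command. The following added example (not from the article or any ATM vendor) shows message authentication with a replay counter, item 4 in the list of security mechanisms above. The frame layout, the pre-provisioned session key, the payload strings and all names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

class AuthenticatedLink:
    """One end of a command link (hypothetical framing, not a vendor protocol).
    Frame = 8-byte big-endian counter || payload || HMAC-SHA256(key, counter || payload)
    """
    def __init__(self, session_key: bytes):
        self._key = session_key
        self._sent = 0       # counter of the last frame sealed by this end
        self._accepted = 0   # highest counter accepted by this end

    def seal(self, payload: bytes) -> bytes:
        self._sent += 1
        header = struct.pack(">Q", self._sent)
        tag = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

    def open(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")  # sender does not hold the session key
        (counter,) = struct.unpack(">Q", header)
        if counter <= self._accepted:
            raise ValueError("replayed or stale frame")
        self._accepted = counter
        return payload

def demo() -> dict:
    key = bytes(range(32))                      # constructed session key
    sender, receiver = AuthenticatedLink(key), AuthenticatedLink(key)
    outsider = AuthenticatedLink(b"\x00" * 32)  # inserted device without the key
    genuine = sender.seal(b"DISPENSE cassette=4 notes=40")  # constructed payload
    results = {"genuine": receiver.open(genuine)}
    for name, frame in (("replay", genuine), ("forged", outsider.seal(b"DISPENSE"))):
        try:
            receiver.open(frame)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    results["next"] = receiver.open(sender.seal(b"STATUS"))  # fresh frame still works
    return results
```

`demo()` returns the outcome for each frame: the genuine command is accepted once, while its replay and a frame from a device without the key are rejected.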

Source: www.habr.com
