Amabhokisi ensimbi anemali emi emigwaqweni yedolobha awakwazi ukudonsa amehlo abathandi bemali esheshayo. Futhi uma izindlela zangaphambili ezingokomzimba bezisetshenziswa ukuthulula ama-ATM, manje kusetshenziswa amaqhinga ahlobene nekhompiyutha anekhono ngokwengeziwe. Manje okubaluleke kakhulu kubo "ibhokisi elimnyama" eline-microcomputer yebhodi elilodwa ngaphakathi. Sizokhuluma ngokuthi isebenza kanjani kulesi sihloko.
Inhloko ye-International ATM Manufacturers Association (ATMIA)
I-ATM ejwayelekile iyisethi yezingxenye ze-electromechanical esezilungile ezigcinwe endlini eyodwa. Abakhiqizi be-ATM bakha izinto zabo zezingxenyekazi zekhompuyutha ezivela kusikhiphi sezikweletu, isifundi samakhadi nezinye izinto esezivele zakhiwe ngabahlinzeki bezinkampani zangaphandle. Uhlobo lomakhi we-LEGO wabantu abadala. Izingxenye eziqediwe zifakwe emzimbeni we-ATM, ovame ukuhlanganisa izingxenye ezimbili: igumbi eliphezulu ("ikhabhinethi" noma "indawo yesevisi"), kanye nendawo ephansi (ephephile). Zonke izingxenye ze-electromechanical zixhunywe ngezimbobo ze-USB ne-COM kuyunithi yesistimu, kulesi simo esebenza njengomsingathi. Kumamodeli ama-ATM amadala ungathola ukuxhumana ngebhasi le-SDC.
Ukuvela kwekhadi le-ATM
Ama-ATM anemali enkulu ngaphakathi ahlala aheha amakhadi. Ekuqaleni, abanikazi bamakhadi basebenzisa kuphela ukuntula okukhulu ngokomzimba kokuvikelwa kwe-ATM - babesebenzisa abashicileli bezandla nabacwebezelayo ukuze bantshontshe idatha emithende kazibuthe; amaphinikhodi amanga namakhamera okubuka amaphinikhodi; ngisho nama-ATM mbumbulu.
Khona-ke, lapho ama-ATM eqala ukuhlonyiswa ngesofthiwe ebumbene esebenza ngokuvumelana nezindinganiso ezivamile, njenge-XFS (eXtensions for Financial Services), amakhadi aqala ukuhlasela ama-ATM ngamagciwane ekhompyutha.
Phakathi kwazo kukhona iTrojan.Skimmer, Backdoor.Win32.Skimer, Ploutus, ATMii nezinye izinhlelo ezingayilungele ikhompuyutha eziqanjwe ngamagama nezingashiwongo, ezitshalwa ngamakhadi kumasingathi we-ATM noma nge-USB flash drive ebhuthayo noma ngembobo elawulwa kude ye-TCP.
Inqubo yokutheleleka kwe-ATM
Ngemva kokuthwebula i-subsystem ye-XFS, uhlelo olungayilungele ikhompuyutha lungakhipha imiyalo kumnikezeli wemali yemali ngaphandle kokugunyazwa. Noma nikeza isifundi sekhadi imiyalo: funda/bhala umugqa kazibuthe wekhadi lasebhange futhi uthole nomlando wokwenziwe ogcinwe ku-chip yekhadi le-EMV. I-EPP (I-PIN Pad Yokubhala) idinga ukunakwa okukhethekile. Kuyavunywa ukuthi i-PIN khodi efakwe kuyo ayinakuvinjwa. Nokho, i-XFS ikuvumela ukuthi usebenzise iphinikhodi ye-EPP ngezindlela ezimbili: 1) imodi evulekile (yokufaka amapharamitha ezinombolo ahlukahlukene, njengenani okufanele likhishwe); 2) Imodi ephephile (i-EPP ishintshela kuyo uma udinga ukufaka i-PIN khodi noma ukhiye wokubethela). Lesi sici se-XFS sivumela umenzi wekhadi ukuthi enze ukuhlasela kwe-MiTM: abambe umyalo wokwenza kusebenze imodi ephephile othunyelwa usuka kumsingathi uye ku-EPP, bese wazisa iphinikhodi ye-EPP ukuthi kufanele iqhubeke nokusebenza kumodi evulekile. Ukuphendula lo mlayezo, i-EPP ithumela izinkinobho zombhalo ocacile.
Umgomo wokusebenza "webhokisi elimnyama"
Eminyakeni yakamuva,
Ukuhlaselwa kwe-ATM ngokufinyelela kude
Ama-antivirus, ukuvimbela ukuvuselelwa kwe-firmware, ukuvimba izimbobo ze-USB kanye nokubethela i-hard drive - ngezinga elithile vikela i-ATM ekuhlaselweni kwegciwane ngamakhadi. Kodwa kuthiwani uma umenzi wekhadi engahlaseli umsingathi, kodwa uxhuma ngqo kumngcele (nge-RS232 noma i-USB) - kumfundi wekhadi, iphinikhodi noma isikhiphi semali?
Okokuqala ukwazana "nebhokisi elimnyama"
Amakhadi anamuhla e-tech-savvy
"Ibhokisi elimnyama" elisuselwa ku-Raspberry Pi
Abakhiqizi abakhulu be-ATM kanye nezinhlangano zezobunhloli zikahulumeni, zibhekene nokuqaliswa okuningana kwe "black box",
Ngesikhathi esifanayo, ukuze bangabonakali phambi kwamakhamera, amakhadi aqaphile kakhulu athatha usizo lomlingani ongabalulekile kakhulu, umnyuzi. Futhi ukuze angakwazi ukuzifanelekela “ibhokisi elimnyama”, basebenzisa
Ukulungiswa "kwebhokisi elimnyama", ngokuvula ngokufinyelela kude
Lokhu kubukeka kanjani ngokombono wababhange? Ekurekhodweni okuvela kumakhamera wevidiyo, kwenzeka into enjengale: umuntu othile uvula igumbi eliphezulu (indawo yesevisi), uxhuma "ibhokisi lomlingo" ku-ATM, avale igumbi eliphezulu futhi ashiye. Ngemva kwesikhashana, abantu abaningana, amakhasimende abonakala avamile, basondela ku-ATM futhi bakhiphe imali eshisiwe. Umenzi wekhadi ube esebuya futhi alande idivayisi yakhe encane engumlingo ku-ATM. Ngokuvamile, iqiniso lokuhlaselwa kwe-ATM "ngebhokisi elimnyama" litholakala kuphela ngemva kwezinsuku ezimbalwa: lapho isisefo esingenalutho kanye nelogi yokukhipha imali engafani. Ngenxa yalokho, abasebenzi basebhange bangakwazi kuphela
Ukuhlaziywa kokuxhumana kwe-ATM
Njengoba kuphawuliwe ngenhla, ukusebenzisana phakathi kweyunithi yesistimu namadivayisi ajikelezayo kwenziwa nge-USB, RS232 noma i-SDC. Umenzi wekhadi uxhuma ngqo embobeni yedivayisi yocingo bese ethumela imiyalo kuyo - ukweqa umsingathi. Lokhu kulula kakhulu, ngoba ukuxhumana okujwayelekile akudingi noma yimaphi abashayeli abathile. Futhi amaphrothokholi obunikazi lapho i-peripheral kanye nomsingathi basebenzisana awadingi ukugunyazwa (phela, idivayisi itholakala ngaphakathi kwendawo ethembekile); ngakho-ke lezi zimiso ezingavikelekile, lapho i-peripheral kanye nomsingathi bexhumana, zilaleleka kalula futhi zingenwa kalula ukuhlaselwa kokudlala kabusha.
Lokho. Abanikazi bamakhadi bangasebenzisa isofthiwe noma i-hardware yokuhlaziya ithrafikhi, bayixhume ngokuqondile embobeni yedivayisi ethile yocingo (isibonelo, isifundi sekhadi) ukuze baqoqe idatha edlulisiwe. Ngokusebenzisa umhlaziyi wethrafikhi, umenzi wekhadi ufunda yonke imininingwane yezobuchwepheshe yokusebenza kwe-ATM, okuhlanganisa nemisebenzi engabhaliwe yezingxenye zayo ezizungezile (isibonelo, umsebenzi wokushintsha i-firmware yedivayisi ejikelezayo). Ngenxa yalokho, umenzi wekhadi uthola ukulawula okuphelele ku-ATM. Ngesikhathi esifanayo, kunzima kakhulu ukubona ukuba khona komhlaziyi wethrafikhi.
Ukulawula okuqondile komkhiqizi wemali yemali kusho ukuthi amakhasethi e-ATM angathululwa ngaphandle kokurekhodwa kulogi, ngokuvamile afakwa isofthiwe efakwe kumsingathi. Kulabo abangazi kahle ihadiwe ye-ATM kanye nesakhiwo sesoftware, ingabukeka njengomlingo ngempela.
Avelaphi amabhokisi amnyama?
Abahlinzeki be-ATM nosonkontileka abancane bathuthukisa izinsiza zokulungisa iphutha ukuze bahlole ihadiwe ye-ATM, okuhlanganisa nemishini kagesi enesibopho sokudonsa imali. Phakathi kwalezi zinsiza:
Iphaneli yokulawula ye-ATMDesk
Iphaneli yokulawula ye-RapidFire ATM XFS
Izici zokuqhathanisa zezinsiza ezimbalwa zokuxilonga
Ukufinyelela ezinsizeni ezinjalo ngokuvamile kukhawulelwe kumathokheni omuntu siqu; futhi zisebenza kuphela lapho umnyango ophephile we-ATM uvuliwe. Nokho, ngokumane ufake esikhundleni amabhayithi ambalwa kukhodi kanambambili yensiza, amakhadi
"Imayela lokugcina" kanye nesikhungo sokucubungula inkohliso
Ukusebenzisana okuqondile ne-periphery, ngaphandle kokuxhumana nomsingathi, kungenye yezindlela ezisebenzayo zamakhadi. Amanye amasu ancike ekutheni sinenhlobonhlobo yokuxhumana kwenethiwekhi lapho i-ATM ixhumana nezwe langaphandle. Kusukela ku-X.25 ukuya ku-Ethernet namaselula. Ama-ATM amaningi angabonakala futhi enziwe abendawo kusetshenziswa isevisi ye-Shodan (kuyanikezwa imiyalelo emfushane kakhulu yokusetshenziswa kwayo
"Imayela lokugcina" lokuxhumana phakathi kwe-ATM kanye nesikhungo sokucubungula linothe ezinhlobonhlobo eziningi zobuchwepheshe ezingasebenza njengendawo yokungena yekhadi. Ukusebenzisana kungenziwa ngezintambo (ulayini wefoni noma i-Ethernet) noma ngocingo (i-Wi-Fi, iselula: i-CDMA, i-GSM, i-UMTS, i-LTE) indlela yokuxhumana. Izindlela zokuphepha zingabandakanya: 1) izingxenyekazi zekhompuyutha noma isofthiwe yokusekela i-VPN (kokubili okujwayelekile, okwakhelwe ku-OS, nokusuka kwabanye abantu); 2) I-SSL/TLS (kokubili eqondene nemodeli ethile ye-ATM kanye nakubakhiqizi bezinkampani zangaphandle); 3) ukubethela; 4) ukuqinisekiswa komlayezo.
Nokho,
Enye yezidingo ezibalulekile ze-PCI DSS ukuthi yonke idatha ebucayi kufanele ibethelwe lapho idluliswa ngenethiwekhi yomphakathi. Futhi empeleni sinamanethiwekhi ayeklanywe ngendlela yokuthi idatha ekuwo ibethelwe ngokuphelele! Ngakho-ke, kuyalinga ukuthi: "Idatha yethu ibethelwe ngoba sisebenzisa i-Wi-Fi ne-GSM." Nokho, amaningi alawa manethiwekhi awanikezi ukuphepha okwanele. Amanethiwekhi omakhalekhukhwini azo zonke izizukulwane sekuyisikhathi eside agqekezwa. Ekugcineni futhi ngokungenakuguquleka. Futhi kukhona nabahlinzeki abahlinzeka ngamadivayisi ukuze abambe idatha edluliswa phezu kwabo.
Ngakho-ke, kungaba ngokuxhumana okungavikelekile noma kunethiwekhi “yangasese”, lapho i-ATM ngayinye izisakaza kwamanye ama-ATM, kungase kuqalwe ukuhlasela kwe-MiTM “isikhungo sokucubungula umgunyathi” - okuzoholela ekubambeni kwekhadi ukulawula ukugeleza kwedatha okudluliselwa phakathi I-ATM kanye nesikhungo sokucubungula.
Esithombeni esilandelayo
Ukulahlwa komgunyathi kwesikhungo sokucubungula mbumbulu
Source: www.habr.com