I actually spend more than 3 years developing applications for different POS devices, including Sagem EFT30 snd EFT930 families. So a couple of things: 0) This is EFT930S model. S has Ethernet as communication method, so no GPRS here. 1) Those are SAMs, not SIMs. SAM stands for secure application module. Those are to receive custom security devices, carrying some extended security keys, etc. 2) Anti-tamper protection on these devices is really amazing! Not only they have tamper switch, but... Basically, there is a bunch of security keys (PIN key, MAC key, etc.) stored in flash inside crypto-processor. They are stored encrypted by the master key. Master key resides in crypto-processor SRAM. As soon as this crypto-processor detects tampering - it destroys master key. This in turn makes encrypted keys useless, because you can no longer decrypt and use them. And tampering conditions include, but not limited to: - case opening - temperature above max/below min - voltage above max/below min - invalid signals on I/O ports (e.g. you put something completely unexpected on USB bus) - circuitry parameters (impedance, capacitance) - you CAN'T just bodge something in - there is also a guard mesh wound around crypto-processor's crystal, so if you bypassed all the other systems and try to de-pot it to read contents using microscope - oops, keys are gone as soon as this mesh receives any damage. - un-sogned application upload to device - yes, even if you have the SDK, and wrote an app for this puppy, you have to sign it with some special key in order to be able to upload it to device 3) It goes to "MOCKUP" mode after destroying the keys. To return it to productuion mode, you have to send it back to factory - i.e. only MANUFACTURER can revive it, not just a retailer or something. It requires factory keys for that. 4) PINPAD in general is a separate device, connected to POS TERMINAL, so customer can enter his PIN, while merchant has the terminal. So it's not really correct to call this terminal a pinpad.
Nice to see my item made it to a Teardown, Also i think that massive cap is probably not for tamper resistance but for the thermal printer. I have seen similar large ones in Dymo Thermal Printers.
For those concerned there is a small industry in hacking these pin pads (as they are called in North America). People steal them and drill into to cases in specific places (bypassing the anti tamper). Which allows the harvest of PINs and MSR Data. Many stores are now physically locking down the pin pad so they cannot be stolen. Always check that the seal is in place in a pin pad. Also make sure that there are no funny holes in your pin pad. Also simply covering the keypad will stop people from recording your PIN with a video camera.
metal pins at 15:45 are for minimizing smartcard socket to erode, many card insertions are expected and not always well-aligned to the socket, so plastic card will roll across the metal pins and not the plastic edge of the socket
(Lawyer notice: This is not a manual on how to do it, it already happend that way here in Germany.) Gut one out, replace with own hardware that lets any card pass, store card data and PIN on mSD and call it a day, normal folks will never get the difference. If you want to spot that "hack" enter your PIN incorrectly the first time. If it passes the device is hacked. If you want good karma you tell the store folks. If you suspect the store owner to set this up, just walk away and call the police. :)
I'd be pretty sure that there would be many more ways a store's system's could tell something is wrong, however if you were simply running your own 'store', it could be somewhat more successful. there are still many problems, like the pin thing you mentioned, and losing money every-time you give away a product without actually getting paid for it, also, nothing would show up on the victims statement, and anyone who happened to use a smart-card enabled card would be essentially impossible to steal from, because of how smart cards work
***** Here in Germany its you stick that card in, so the chip thingy is involved, press Enter once if you are OK with the price, enter your PIN and press Enter on that and either the terminal is fine with your PIN or not. So Joe Average could never tell that he just got his card number and pin stolen. I should mention that we in Germany use cards that belong to a wire-money/giro account like Maestro, actual credit cards are not that widespread here.
Bastet Furry I don't get it - what's the point? The smart card uses a challenge-response exchange - recording the PIN is useless and there's nothing else to record other than the chip's response to the server's transaction-unique challenge.
Ted Middleton They just need to regenerate the data on the magnetic stripe and then go grab the money in an "underdeveloped" country. No harm to you, because you can prove that you where, for example, at work and ~1000 km away from the terminal the money was withdrawn from. The banks rather pay what was lost trough fraud than fixing their system. :3
There are some things I disagree about: 1. The SIM Card holders are most likely SAM Card (+ probably 1 sim) holder en.wikipedia.org/wiki/Secure_access_module This may also be the reason its processor is not secured to hard, as the crypto stuff is done in the SAM module 2. The "shielding with an unpopulated connector"you described at ~ minute 10 seems to me like and unpopulated GRPS module that could for example hold a telit module www.telit.com/products/product-service-selector/product-service-selector/show/product/g24-lite/ 3. The unpopulated stuff on the other side of (2) is presumably the powersupply for the GRPS module. Usually GPRS modules need a peak power of round about 7W.
Nice teardown Dave. Designing anti-tamper hardware is a really involved process I spent many months designing a secure memory device recently for the aftermarket automotive industry.
The massive cap there is for providing power for about 100ms in case of power failure. This allows the application to save any critical data to non-volatile storage. When power fails, The application in the terminal gets an event notification.
I'm surprised by the lack of physical security compared to the unit you took apart. With that design it would not be impossible to crack it open and probe the required chips. Although if I was assigned the job of hacking one I would attach a sniffer to the Ethernet and have a raspberry Pi sniff all the packets and wirelessly transmit them to a safe location that would not be risky to recover the data from, or have the remote device use a encrypted 3G/WiFi connection. As soon as you make tapping hardware require a recovery you are in real danger of being court for obvious reasons.
***** Sniffing the Ethernet packets may (or may not) reveal the credit card number only, but not (for sure) the PIN Code as it is transmitted heavily encrypted.
Lathering chips in epoxy isn't much of a security mechanism, so it's understandable why they don't bother with it. More the illusion of security than anything else
I suspect the large cap is there to activate the anti tamper if someone tries to slide an insulator between the button cell and its terminal. The operating life of the terminal would be equal to the life of the battery. Shame Dave didn't measure the voltage left in the battery. If it was exhausted then we know why the terminal was discarded.
Over here in blighty we call them Chip & PIN pads (well, the ones where you stab the card in with the chip facing the right way up or down and get complained at cos you pulled out too early (giggety) even though you didn't that is)... :) As for stealing people's info, these days all you need is one of them FLIR iphone addons and the ability to mug people and take their cards physically, cos the FLIR thing reads where you entered the PIN on a rubber or plastic keypad (coldest to hottest) and there you have a stolen PIN, though a perfect way to thwart the potential muggers is a PIN with one pair of matching digits, so they can only pick out 3 numbers on the pad which increases the probability of getting the PIN wrong when they go to steal cash... :)
Can you make another video with the POS equipment fixed back after tear down and try powering up. Does it display an error message or does not display at all considering that it detected a temper? I have a Garmin GPS that I tore down. But when I put it back and power it up, the backlit glows, but no display on the screen. I believe, it has too some anti-tamper mechanism.
I would bet part of the anti-tamper was having that big-ass cap on a separate board. To access the microprocessor you had to putt it off effectively disconnecting it.
Nice video - I went away learning a lot of new things! It makes sense when you point it out, but i didn't realise the industry already had hardware security mechanisms. Fascinating stuff, thanks! :)
i have the same machine, and the phone line plugs into a little box first that is connected to the rs232 port on the little square connector. so i think the modem is also separate,
Separating those two PCB's would trigger it to erase the keys too, that's why the chips are in that metal shield, once you expose the chips, they are already erased.
I think the backup power is only given by the battery, the giant cap is there to give "electrocution" to the chips depleting instantly when locks are defeated and erasing all roms
I don't think switching the unit will work. The units I work with each have a unique identifier plus a site identifier. This is linked to the client's merchant account, so another terminal couldn't just appear to be it - they'd need to replace those IDs.
At 6:55 you can see some very interresting marking on the case. I'm surprised that he didn't noticed it. It explain the 3 "sim" cards and the missing "GPRS" module. The marking say: "SAM1 SAM2 SAM3" and on top of it you see "SD CARD" The SD card, I guess, is used for developpement... The internal USB is most likelly to connect to the PC/register so it can send the info about the amount, and get back the result of the transaction.
What is the point of tamper resistance if customers are conditioned like trained monkeys to hack in their PIN into any POS looking device? Ok, it makes skimming easier if the device actually works. But that is surely optional. Surely the real issues are trojan PIN pads and the total lack of authentication of the terminal device towards the card.
That highly stitched area on the green PCB screams switchmode power supply to me. The unpopulated fine pitch header next to the large bare gold fill on the bottom is probably the header for the cellular card. It would make sense, since the cellular card will need an appreciable amount of power. No cellular? No-pop the PS section.
In here they use those machines to add credit to prepaid phones. The ones I used back when I worked doing that used GPRS for the transactions, and were pretty nice machines. But we use a different machine for actual transactions with cards.
The multiple SIM cards is are there for several reasons, the predominant one is that you usually have different payment processors for different card brands and transaction types(debit vs credit, local vs international card etc..). Also back then only some processors offered IP based interfaces while many others still used tone based modulation(basically PSTN (like) over cellular, usually a FAX compliant protocol or close enough), on top of that redundancy is something which was important to some costumers especially in the earlier days of GSM where carrier specific network reliability was a much more common issue than it is today. P.S. All PCI-DSS standards are available on the PCIcouncil website and on all major card brands, and for the most part they are complete shit when it comes to actual security. It's about compliance rather than about security and it's "cover thy arse" stamp basically for insurance purposes these days. www.pcisecuritystandards.org/security_standards/documents.php?association=PTS
Ive always heard them called credit card terminals, or usually just a card terminal. Many businesses with a computer based POS system don't have these anymore, its all done with software on the computer and a USB or bluetooth card reader.
I'm not sure how they would go about successfully swapping them without being noticed, the first card swipe would be the giveaway as in order to work it would have to know the correct phone number, the business' account number and the correct serial number. I do know that part of the security is in the communication as well, mostly to detect any sort of nonsense like that. I'd imagine the easy ting to do would be to stick some sort of thing on the terminal that would have a second reader head and memory so that as you swipe the card both the terminal and the added reader will get the card info, they do this on ATMs, they're called skimmers, and its becoming a big problem here in the US.
A much easier "hack" is to swipe the card out-of-sight on a separate machine and use a camera for the PINs. That's why one of the card companies top security tips is to never let your card go out of sight and cover the keypad when entering your PIN.
I wonder, if someone knows the location of the security switches, won't they just make a small hole near each one and then superglue them in their pressed position before taking the device apart?
I have a question for those in the know about these. I networked a friends shop, they had one of these exact terminals, i noticed it had ethernet,as they pay for a dedicated phone line for their terminal, i suggested they use the ethernet instead, save a few bucks.Never actually tested it, but they contacted their provider (ANZ) and they said it has to use phone line.I find this odd and don't really see the point of having the ethernet connector if you cant use it in place of a bloody phoneline! Unless its something not offered just by their merchant service provider. Anyone care to enlighten me? Anyone run a terminal on internet instead of phoneline, in Aus specifically?
wow, thats really crappy tamper security (except for the chip). If you just break the cover instead of taking it off by releasing the screws, you can keep the button pressed down.
I'm sure that if I was any good at electronics and software I could get past most of the security measures. For start, you can get past the switches by grinding plastic bit by bit without affecting plastic pressing down on the switches and then gluing the switches down permanently from the opening. Or if I was any good at electronics, I wouldn't be so arrogant and would acknowledge the impossibility of the feat.
+Luke Hovington Now that's a piece of something. Nothing much else to do with such a thing than probing for weakspots through edges of case parts or buttons and screen.
+Atristiel Yeah but you'd have to know where the switches on THAT device are. Dave was able to get this one BECAUSE it was decommissioned. For all we know, every Nth batch might have the switches in different places and even the install techs would likely be none the wiser, since they have no real need to take the terminals themselves apart in order to connect them to the register. Not only that, as soon as people start tracing any fraudulent transactions they'll figure out where the "leak" is and you're back to square one.
I believe I may have purchased a USB car charger made in a similar very honourable high quality factory. with generous amounts of applied solder. The silk screen was even burned in places to provide security should anyone attempt the reverse engineer the product.
Too bad no company has found a 100% way to stop side channel attacks. When a processor has to process data, it will draw current spikes of a specific pattern for whatever it is doing. Also electromagnetic waves that leak out of products not very well shielded could also be another attack vector.
+EETechs Can't you just put an extremely big capacitor, maybe several small ones in parallel to reduce ESR? I think that's what the big capacitor is all about.
***** a video from 4 years ago played and one from last month. Tried another from 2 years ago but it looks like it is hanging on or waiting for the advert. Must be a TH-cam bug?
TheDutyPaid Yeah, looks like that's the case here. Try clearing the cache (go to settings-> apps -> youTube -> Clear cache). If that doesn't work, the write either to Samsung, or to Google directly.
Would you call "engineering technicians" or "technologists" actual engineers, or would you reserve that title for someone who's gone through at least four years training?
I can't see the problem, since other people have asked unrelated questions and have gotten them answered in past videos. Ergo, as far as I can tell, there's no unspoken or hidden rule asto where one can't ask questions that aren't pertinent to the subject of the video.
Hackers nowadays don't need do physically tamper the devices. They got lan, sd-cards, wifi and other sort of interfaces which are not always 100% securely implemented ;)
A local company (MWR Labs) have experimented with vulnerabilities in POS machines. Here's a video of them running Flappy Bird and a racing game using software exploits. vimeo.com/user12202355
PLEASE try and lower your voice tone. It is SO annoying - all you need to do is try to speak more from your chest. I love your stuff but increasing find I need to turn the sound off to watch.
![[LIVE] : ONE ลุมพินี 88 | คู่เอก "ป้อมเพชร vs อัสลามจอน"](http://i.ytimg.com/vi/1ZqTVVbMgbo/mqdefault.jpg)
I actually spend more than 3 years developing applications for different POS devices, including Sagem EFT30 snd EFT930 families. So a couple of things:
0) This is EFT930S model. S has Ethernet as communication method, so no GPRS here.
1) Those are SAMs, not SIMs. SAM stands for secure application module. Those are to receive custom security devices, carrying some extended security keys, etc.
2) Anti-tamper protection on these devices is really amazing! Not only they have tamper switch, but... Basically, there is a bunch of security keys (PIN key, MAC key, etc.) stored in flash inside crypto-processor. They are stored encrypted by the master key. Master key resides in crypto-processor SRAM. As soon as this crypto-processor detects tampering - it destroys master key. This in turn makes encrypted keys useless, because you can no longer decrypt and use them. And tampering conditions include, but not limited to:
- case opening
- temperature above max/below min
- voltage above max/below min
- invalid signals on I/O ports (e.g. you put something completely unexpected on USB bus)
- circuitry parameters (impedance, capacitance) - you CAN'T just bodge something in
- there is also a guard mesh wound around crypto-processor's crystal, so if you bypassed all the other systems and try to de-pot it to read contents using microscope - oops, keys are gone as soon as this mesh receives any damage.
- un-sogned application upload to device - yes, even if you have the SDK, and wrote an app for this puppy, you have to sign it with some special key in order to be able to upload it to device
3) It goes to "MOCKUP" mode after destroying the keys. To return it to productuion mode, you have to send it back to factory - i.e. only MANUFACTURER can revive it, not just a retailer or something. It requires factory keys for that.
4) PINPAD in general is a separate device, connected to POS TERMINAL, so customer can enter his PIN, while merchant has the terminal. So it's not really correct to call this terminal a pinpad.
Alexander Khritonenkov Thanks for the detailed info!
Wow thats pretty impressive!!
+Alexander Khritonenkov given your experience in the industry can I ask if we are more secure now compared to the past?
Kranbone with EMV we definitely are safer. Just make sure to use the chip and don't fall back to magnetic stripe in suspicious locations.
Alexander Khritonenkov thank you for your advice and input.
Nice to see my item made it to a Teardown, Also i think that massive cap is probably not for tamper resistance but for the thermal printer. I have seen similar large ones in Dymo Thermal Printers.
For those concerned there is a small industry in hacking these pin pads (as they are called in North America). People steal them and drill into to cases in specific places (bypassing the anti tamper). Which allows the harvest of PINs and MSR Data. Many stores are now physically locking down the pin pad so they cannot be stolen.
Always check that the seal is in place in a pin pad. Also make sure that there are no funny holes in your pin pad.
Also simply covering the keypad will stop people from recording your PIN with a video camera.
metal pins at 15:45 are for minimizing smartcard socket to erode, many card insertions are expected and not always well-aligned to the socket, so plastic card will roll across the metal pins and not the plastic edge of the socket
(Lawyer notice: This is not a manual on how to do it, it already happend that way here in Germany.)
Gut one out, replace with own hardware that lets any card pass, store card data and PIN on mSD and call it a day, normal folks will never get the difference.
If you want to spot that "hack" enter your PIN incorrectly the first time. If it passes the device is hacked. If you want good karma you tell the store folks. If you suspect the store owner to set this up, just walk away and call the police. :)
I'd be pretty sure that there would be many more ways a store's system's could tell something is wrong, however if you were simply running your own 'store', it could be somewhat more successful. there are still many problems, like the pin thing you mentioned, and losing money every-time you give away a product without actually getting paid for it, also, nothing would show up on the victims statement, and anyone who happened to use a smart-card enabled card would be essentially impossible to steal from, because of how smart cards work
***** Here in Germany its you stick that card in, so the chip thingy is involved, press Enter once if you are OK with the price, enter your PIN and press Enter on that and either the terminal is fine with your PIN or not.
So Joe Average could never tell that he just got his card number and pin stolen. I should mention that we in Germany use cards that belong to a wire-money/giro account like Maestro, actual credit cards are not that widespread here.
Bastet Furry I don't get it - what's the point? The smart card uses a challenge-response exchange - recording the PIN is useless and there's nothing else to record other than the chip's response to the server's transaction-unique challenge.
Ted Middleton
They just need to regenerate the data on the magnetic stripe and then go grab the money in an "underdeveloped" country.
No harm to you, because you can prove that you where, for example, at work and ~1000 km away from the terminal the money was withdrawn from. The banks rather pay what was lost trough fraud than fixing their system. :3
There are some things I disagree about:
1. The SIM Card holders are most likely SAM Card (+ probably 1 sim) holder en.wikipedia.org/wiki/Secure_access_module
This may also be the reason its processor is not secured to hard, as the crypto stuff is done in the SAM module
2. The "shielding with an unpopulated connector"you described at ~ minute 10 seems to me like and unpopulated GRPS module that could for example hold a telit module www.telit.com/products/product-service-selector/product-service-selector/show/product/g24-lite/
3. The unpopulated stuff on the other side of (2) is presumably the powersupply for the GRPS module. Usually GPRS modules need a peak power of round about 7W.
Well the text on the plastic does say SAM.
Yeah, that's how those PIN pads typically work, SAMs are a lot cheaper than your typical hardened crypto processor.
Exactly, one SIM for GPRS, unpopulated on this device, one SAM for the payment processor, and one for client applications.
Chaiuitita
Chaiuititas
Nice teardown Dave. Designing anti-tamper hardware is a really involved process
I spent many months designing a secure memory device recently for the aftermarket automotive industry.
l28power Yes. This was a relatively simple job, they could have really gone to town if they wanted to.
The massive cap there is for providing power for about 100ms in case of power failure. This allows the application to save any critical data to non-volatile storage. When power fails, The application in the terminal gets an event notification.
Only one of the SIMs will be for the cellular radio - the others are to do with the security stuff, which is why they are populated,
Yeah. A little surprised Dave didn't connect the fact that security/identity modules have applications beyond cellular.
yep, maybe these are SAMs not SIMs for sure
I'm surprised by the lack of physical security compared to the unit you took apart. With that design it would not be impossible to crack it open and probe the required chips.
Although if I was assigned the job of hacking one I would attach a sniffer to the Ethernet and have a raspberry Pi sniff all the packets and wirelessly transmit them to a safe location that would not be risky to recover the data from, or have the remote device use a encrypted 3G/WiFi connection.
As soon as you make tapping hardware require a recovery you are in real danger of being court for obvious reasons.
lmiddleman Yeah, odd, you find them in printers too, so it's not like it's an oddity.
***** Sniffing the Ethernet packets may (or may not) reveal the credit card number only, but not (for sure) the PIN Code as it is transmitted heavily encrypted.
Lathering chips in epoxy isn't much of a security mechanism, so it's understandable why they don't bother with it. More the illusion of security than anything else
4:32 that is just a hole so you can see how much receipt roll you have left
I suspect the large cap is there to activate the anti tamper if someone tries to slide an insulator between the button cell and its terminal. The operating life of the terminal would be equal to the life of the battery. Shame Dave didn't measure the voltage left in the battery. If it was exhausted then we know why the terminal was discarded.
Over here in blighty we call them Chip & PIN pads (well, the ones where you stab the card in with the chip facing the right way up or down and get complained at cos you pulled out too early (giggety) even though you didn't that is)... :)
As for stealing people's info, these days all you need is one of them FLIR iphone addons and the ability to mug people and take their cards physically, cos the FLIR thing reads where you entered the PIN on a rubber or plastic keypad (coldest to hottest) and there you have a stolen PIN, though a perfect way to thwart the potential muggers is a PIN with one pair of matching digits, so they can only pick out 3 numbers on the pad which increases the probability of getting the PIN wrong when they go to steal cash... :)
Can you make another video with the POS equipment fixed back after tear down and try powering up. Does it display an error message or does not display at all considering that it detected a temper? I have a Garmin GPS that I tore down. But when I put it back and power it up, the backlit glows, but no display on the screen. I believe, it has too some anti-tamper mechanism.
I would bet part of the anti-tamper was having that big-ass cap on a separate board. To access the microprocessor you had to putt it off effectively disconnecting it.
Nice video - I went away learning a lot of new things! It makes sense when you point it out, but i didn't realise the industry already had hardware security mechanisms. Fascinating stuff, thanks! :)
i have the same machine, and the phone line plugs into a little box first that is connected to the rs232 port on the little square connector. so i think the modem is also separate,
You should do a video on how thermal printing works.
the two nails at the entry of credit cart can be seen by outside; They are guides preventing wear of plastic when insertion of card
Separating those two PCB's would trigger it to erase the keys too, that's why the chips are in that metal shield, once you expose the chips, they are already erased.
I think the backup power is only given by the battery, the giant cap is there to give "electrocution" to the chips depleting instantly when locks are defeated and erasing all roms
Is it standard practice in Australia to pronounciate it SA-GEM? The company is named "SA-SJEM" (French)
***** Yes, that is how it's pronounced here. I spent a lot of time at the Sagem factory many years back.
EEVblog Cool :D - I have been teased a lot of times because i said "SA-GEM" and was told that it isn't the way it was pronounced.
+zaprodk It's not universal.. round my way we pronounce it "Crap"
I have a feeling that all the keys are on the smartcards you insert into those "SIM" slots on hte bottom.
As they are SAM (Security Access Module) they are indeed where the keys are stored and uploaded to the unit itself.
the cap stores power to flash the firmware when you open the case, no more security is needed. Cellphones store keys without security stuff anyway!
I don't think switching the unit will work. The units I work with each have a unique identifier plus a site identifier. This is linked to the client's merchant account, so another terminal couldn't just appear to be it - they'd need to replace those IDs.
At 6:55 you can see some very interresting marking on the case. I'm surprised that he didn't noticed it. It explain the 3 "sim" cards and the missing "GPRS" module. The marking say: "SAM1 SAM2 SAM3" and on top of it you see "SD CARD"
The SD card, I guess, is used for developpement...
The internal USB is most likelly to connect to the PC/register so it can send the info about the amount, and get back the result of the transaction.
What is the point of tamper resistance if customers are conditioned like trained monkeys to hack in their PIN into any POS looking device?
Ok, it makes skimming easier if the device actually works. But that is surely optional.
Surely the real issues are trojan PIN pads and the total lack of authentication of the terminal device towards the card.
That highly stitched area on the green PCB screams switchmode power supply to me. The unpopulated fine pitch header next to the large bare gold fill on the bottom is probably the header for the cellular card. It would make sense, since the cellular card will need an appreciable amount of power. No cellular? No-pop the PS section.
That plastic spacer would be to prevent downward pressure from the Ethernet USB RS-232 connectors from bending the board?
Generally here in the UK we wefer to these as EPOS. Just thought you might like to know.
In here they use those machines to add credit to prepaid phones. The ones I used back when I worked doing that used GPRS for the transactions, and were pretty nice machines. But we use a different machine for actual transactions with cards.
I wonder if Chris Tarnovsky has had a go at those Dallas secure microcontrollers. The Infineon ones are probably still more secure...
The multiple SIM cards is are there for several reasons, the predominant one is that you usually have different payment processors for different card brands and transaction types(debit vs credit, local vs international card etc..). Also back then only some processors offered IP based interfaces while many others still used tone based modulation(basically PSTN (like) over cellular, usually a FAX compliant protocol or close enough), on top of that redundancy is something which was important to some costumers especially in the earlier days of GSM where carrier specific network reliability was a much more common issue than it is today.
P.S.
All PCI-DSS standards are available on the PCIcouncil website and on all major card brands, and for the most part they are complete shit when it comes to actual security. It's about compliance rather than about security and it's "cover thy arse" stamp basically for insurance purposes these days.
www.pcisecuritystandards.org/security_standards/documents.php?association=PTS
Oh and the usb on the side is for linking to epos. Nothing more. Updates are done over the PDQs connection.
Why does the shielding can over the application processor have big open areas in the top of it? That would stop it from working, no?
Pretty sure that empty connectors on the back of that top board is for the GPRS modem
There called PDQs in the uk (process data quickly) i install a lot of them here in my job.
Was anyone else waiting for explosive the dye pack?
Ive always heard them called credit card terminals, or usually just a card terminal. Many businesses with a computer based POS system don't have these anymore, its all done with software on the computer and a USB or bluetooth card reader.
Dave ... This is the E Modell which doesn't has GSM Capabilities... Ethernet & Modem only!
I'm not sure how they would go about successfully swapping them without being noticed, the first card swipe would be the giveaway as in order to work it would have to know the correct phone number, the business' account number and the correct serial number. I do know that part of the security is in the communication as well, mostly to detect any sort of nonsense like that. I'd imagine the easy ting to do would be to stick some sort of thing on the terminal that would have a second reader head and memory so that as you swipe the card both the terminal and the added reader will get the card info, they do this on ATMs, they're called skimmers, and its becoming a big problem here in the US.
A much easier "hack" is to swipe the card out-of-sight on a separate machine and use a camera for the PINs. That's why one of the card companies top security tips is to never let your card go out of sight and cover the keypad when entering your PIN.
The big capacitor is used to maitain power when batery is replaced, perhaps.
When you unplug the device you have like 80ms to dump things to the flash, I guess that is the big capacitor for.
have you changed your camera? FPS seems smoother
The USB ports might be for for connecting the reader to a computerised till system.
Great video! Do you think alot of security is on our cards and at the Bank?
Your video looks glorious Dave. Beautiful smooth sumptuously coloured and of course outstanding content. Did you receive the Irish whelks yet?
I wonder, if someone knows the location of the security switches, won't they just make a small hole near each one and then superglue them in their pressed position before taking the device apart?
Why are PCB's always green?
+Spikey Husky there not
+JamesCon Tanks ok why are they green MOST of the time? jees if you cant answer my question just don't comment
it cheeper for them to be green thats y
+JamesCon Tanks so green paint iis cheaper than no paint ?
its not paint it what happens in fireing the plastic go green being made
The driver for the anti-tamper is located???
what do you think of the goot RX-802AS solder station
14:37 what it that piece o metal sticking out of the bottom black plastic?
I have a question for those in the know about these.
I networked a friends shop, they had one of these exact terminals, i noticed it had ethernet,as they pay for a dedicated phone line for their terminal, i suggested they use the ethernet instead, save a few bucks.Never actually tested it, but they contacted their provider (ANZ) and they said it has to use phone line.I find this odd and don't really see the point of having the ethernet connector if you cant use it in place of a bloody phoneline! Unless its something not offered just by their merchant service provider.
Anyone care to enlighten me? Anyone run a terminal on internet instead of phoneline, in Aus specifically?
In the U.S. it's known in InfoSec as PCI-DSS.
why are you waiting so long with the ds1054z review... :(
OPEN IT ALREADY GRR!
wow, thats really crappy tamper security (except for the chip). If you just break the cover instead of taking it off by releasing the screws, you can keep the button pressed down.
I'm sure that if I was any good at electronics and software I could get past most of the security measures. For start, you can get past the switches by grinding plastic bit by bit without affecting plastic pressing down on the switches and then gluing the switches down permanently from the opening.
Or if I was any good at electronics, I wouldn't be so arrogant and would acknowledge the impossibility of the feat.
+Atristiel More modern security devices have a woven mesh in the case, so if any tool was to drill into the case would set off the erase procedure.
+Luke Hovington Now that's a piece of something. Nothing much else to do with such a thing than probing for weakspots through edges of case parts or buttons and screen.
+Luke Hovington Okay, I read more about their security. It's impossible.
+Atristiel Yeah but you'd have to know where the switches on THAT device are. Dave was able to get this one BECAUSE it was decommissioned. For all we know, every Nth batch might have the switches in different places and even the install techs would likely be none the wiser, since they have no real need to take the terminals themselves apart in order to connect them to the register.
Not only that, as soon as people start tracing any fraudulent transactions they'll figure out where the "leak" is and you're back to square one.
Next step is to show us how to get the security keys from the chip :)
I believe I may have purchased a USB car charger made in a similar very honourable high quality factory. with generous amounts of applied solder. The silk screen was even burned in places to provide security should anyone attempt the reverse engineer the product.
Please !! Don't say PIN number...it's redundant. It's like saying Personal Identification Number number.
Sorry, I'll crawl under my desk now....
And with that, I'd like to introduce the New NTFS File System!
Taemun Garacaius And the ATM machine!
... like LCD Display ;-)
PNS syndrome (Personal identification number Number Syndrome syndrome) is the most common form of RAS syndrome (Redundant Acronym Syndrome).
SAI Peregrinus Chai Tea
Someone can empty it out and stuff their own circuits in it...
Too bad no company has found a 100% way to stop side channel attacks. When a processor has to process data, it will draw current spikes of a specific pattern for whatever it is doing. Also electromagnetic waves that leak out of products not very well shielded could also be another attack vector.
+EETechs Can't you just put an extremely big capacitor, maybe several small ones in parallel to reduce ESR? I think that's what the big capacitor is all about.
Videos no longer play using the TH-cam app on my android note 2, anyone with a tech head got an idea? App fully updated.
Dave's latest videos are uploaded in 1080p50. Maybe this is the issue?
***** a video from 4 years ago played and one from last month. Tried another from 2 years ago but it looks like it is hanging on or waiting for the advert. Must be a TH-cam bug?
TheDutyPaid Yeah, looks like that's the case here. Try clearing the cache (go to settings-> apps -> youTube -> Clear cache). If that doesn't work, the write either to Samsung, or to Google directly.
I have Win8.1 and haven't had a problem with any videos in 2 years. Maybe it's because I have fiber optic internet service, I'm not sure.
Robert Calk Jr.
This is for my phone, but now I am having problems on my PC Win7 and my internet is 80 down / 20 up.
The key pad is upside down, weird.
in sweden we call it "kortterminal"
Most of the pads are very shiny … it looks like these are leaded joints
Very cool video, learned something new today :)
I think people can actually make a fake terminal that looks just like it and replay megstrip / key stroke to the actually device.
albb0920 Maybe the further devices need security signals from the terminal along with transaction information to check if it's a legitimate terminal.
Chip & pin machine in the UK.
Nice piece of technology good video 10 /10
awesome video!
Or
JBC Soldering Tools CD-2SD Precision Soldering Station - 230V - 2014 EDITION
Would you call "engineering technicians" or "technologists" actual engineers, or would you reserve that title for someone who's gone through at least four years training?
Would you regard this post as relevant to the video, or would you expect it to be posted somewhere else?
I can't see the problem, since other people have asked unrelated questions and have gotten them answered in past videos. Ergo, as far as I can tell, there's no unspoken or hidden rule asto where one can't ask questions that aren't pertinent to the subject of the video.
To be called an engineer one must be part of an order.
Hackers nowadays don't need do physically tamper the devices. They got lan, sd-cards, wifi and other sort of interfaces which are not always 100% securely implemented ;)
is that giant square or shielding
REAL GOLD?????????????
A local company (MWR Labs) have experimented with vulnerabilities in POS machines. Here's a video of them running Flappy Bird and a racing game using software exploits. vimeo.com/user12202355
Cool device
that is butter smooth.
SAM != SIM
Jajaa buenisimo, me encanto la serie, porfavor sube la segunda temporada saludos
Looks like a ripoff of Ingenico here in the US
Ones more just show, better to pay the " man" then try the hard way, why hack a company if they have a 100usd a month staff
I got in trouble for having one of these, apparently they belong to the bank D:
I had to return it after buying it for like $30 :(
chip and pin
I was born in 1994 awesome :-)
@zaprodk zeeeeeeeeeee! Murca!!! You Essay you essay!!!!
My iphone works fine
iPhone = NSA spy device.
whoops, my ears just fell off...
I know why everybody came to see this video, ha haaaaaaa ;)
Jazz
PLEASE try and lower your voice tone. It is SO annoying - all you need to do is try to speak more from your chest. I love your stuff but increasing find I need to turn the sound off to watch.