Wednesday, August 20, 2008

beautiful attack

via zero day: suspected insider help or coercion to get backdoored components installed in atms. the people who installed the hardware were dressed like legit technicians.

this is a beautiful attack because it can be done in broad daylight against targets that people wouldn't normally suspect. if you don't get greedy and you don't slip up, you could run an op like this for a long time before anyone caught on.

the more we push automated systems out to physically autonomous end-points, the more we'll have to worry about similar attacks. i am surprised ATM physical security is relatively single-layered...

No comments: