Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Break Currency Validator To Pass Any Paper As Valid Euro

Posted by Unknown on from the teeny-tiny-security-hole dept.

Trailrunner7 writes "If espionage is the world's second-oldest profession, counterfeiting may be in the running to be third on that list. People have been trying to forge currency for just about as long as currency has been circulating, and anti-counterfeiting methods have tried to keep pace with the state of the art. The anti-counterfeiting technology in use today of course relies on computers and software, and like all software, it has bugs, as researchers at IOActive discovered when they reverse-engineered the firmware in a popular Euro currency verifier and found that they could insert their own firmware and force the machine to verify any piece of paper as a valid Euro note. 'The impact is obvious. An attacker with temporary physical access to the device could install customized firmware and cause the device to accept counterfeit money. Taking into account the types of places where these devices are usually deployed (shops, mall, offices, etc.) this scenario is more than feasible.'"

8 of 162 comments (clear)

  1. Firmware update? Unlikely. by mveloso · · Score: 4, Funny

    I doubt that you'd be able to hang around a cash register with a serial cable and update some device's firmware without someone noticing. At that point why not just update the cash register's firmware and have it give you money directly?

    1. Re:Firmware update? Unlikely. by Qzukk · · Score: 5, Insightful

      "Hello, I'm from the maintenance department and I'm here to update your firmware to protect you from the exploit that was recently published on 2013-10-13."

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:Firmware update? Unlikely. by jandrese · · Score: 5, Insightful

      Unless this attack is a buffer overflow or something when you put in a particularly formatted note, I don't see the issue. "Oh, you can bypass the bill checker if you break the machine open, pull the ROM chips, and put in new ROM chips!"

      According to TFA, the guy went and analyzed the firmware to discover how it worked, and then noted that you could bypass the check routines in it to always set the "good" pins high. About the only thing even mildly worrying is that there is apparently no crypto lock on the firmware, but a crypto lock on the firmware would be useless if you have physical access to the machine anyway, only slightly complicating the job of redesigning the internals, so that's not saying much. There's a reason these machines are secured with a lock and a sturdy metal case.

      --

      I read the internet for the articles.
    3. Re:Firmware update? Unlikely. by SuperCharlie · · Score: 4, Interesting

      When I was around 12 or so, my dad was in the army and worked on anti-aircraft systems. One Saturday he needed to get or do something at the shop so he drug me along for the ride. Both of us in our plain clothes. We walked up to the shop, 2 guards patrolling, he said hi, pulled out his keys and opened the door. I was in awe of what I saw inside.. 15 M163 Vulcan self-propelled anti-aircraft guns all in a line. We piddled with some things, he started one up and made sure to tell me repeatedly dont stand in front of this.. (the radar).. and after an hour or so we left.

      Almost to the car, he said.. "you remember those two guards?" "Yes.." I said "I didnt know them from Adam. You can get away with anything if you look like you know what you are doing."

      A lesson I have remembered all my life and used on more than one occasion.

    4. Re:Firmware update? Unlikely. by sootman · · Score: 4, Insightful

      > Which is a vulnerability of your employees
      > allowing access to some stranger...

      I work in an office with over 500 employees. Do you think I know everyone who works in security, telecom, and I.T.?

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  2. Well duh by PhilHibbs · · Score: 4, Insightful

    If you can physically access and modify a machine, you can change the way it behaves. Is this really news? Can they do it wirelessly? Over the internet?

    1. Re:Well duh by gstoddart · · Score: 5, Insightful

      f you can physically access and modify a machine, you can change the way it behaves. Is this really news?

      This part of the article is what struck me:

      After watching some videos from the vendor Inves on the machine's operations and reading through the machine's documentation, Santamarta came to the conclusions that some of the security claims the vendor makes were somewhat specious.

      "Unfortunately, some of these claims are not completely true and others are simply false. It is possible to understand how Secureuro works; we can access the firmware and EEPROM without even needing hardware hacking. Also, there is no encryption system protecting the firmware"

      So it sounds more like the company said "our stuff is secure, awesome, and hax0r proof", and someone essentially said "challenge accepted".

      That he could do the initial reverse engineering without ever even having had the device (he downloaded just the free firmware) tells me that this device was pretty ripe for the picking.

      --
      Lost at C:>. Found at C.
  3. Second-oldest profession FTFY by Anonymous Coward · · Score: 4, Funny

    Politics is the worlds second oldest profession, noted for it's uncanny likeness to the first.