Sign in / up

back to article IBM, ATMs – WTF? Big Blue to probe cash machines, IoT, vehicles, etc in new security labs

IBM has promised to open four research centers that will hunt for security vulnerabilities in technology – including a team dedicated to probing cash machines for flaws. It has been eight years since the late, great hacker Barnaby Jack took to the stage at the Black Hat USA conference in Las Vegas, and showed attendees how in …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Denarius
    Meh

    open 4 centers

    sure, for how long before said jobs are resouce actioned or sent to cheaper locations ?

    8 0 Reply
  2. Mike Lewis

    Democracy inaction

    Are they going to probe voting machines too?

    0 0 Reply
    1. Claptrap314 Silver badge
      Reply Icon

      Re: Democracy inaction

      The more I've been up close & personal with political operations, the more convinced I've become that the entire purpose of voting machines is to create opportunity for fraud.

      Paper, fill-in-the-oval ballots, all the way. Use the same scantron you use for scoring tests.

      0 0 Reply
      1. Christian Berger
        Reply Icon

        Re: Democracy inaction

        Why even scan them, Germany shows that you can easily have a hand-count of most elections within 2 hours, including tabulating the preliminary results.

        0 0 Reply
        1. Claptrap314 Silver badge
          Reply Icon

          Re: Democracy inaction

          You must have MUCH smaller jurisdictions that I'm used to. Most of my work was in Travis county, Texas (Austin). With a couple of hundred precincts, it takes almost three hours for the boxes to all be received at central counting.

          0 0 Reply
  3. Christian Berger

    Cash machines would be moderately simple to secure

    Since they need to be online anyhow in order to function, why not put all the intelligence into a trusted server in a secure location? Just make all sub-devices talk directly via end-to-end encrypted channels with it. Have the sub-devices as simple as possible (i.e. by not using the complex protocol negotiations of TLS, or complex operating systems), connect them via a VPN-Router to the server, and there you go.

    Obviously those small subsystems need to have good physical security. However with ATMs you already have an established culture of that, as well as the logistics to transport physical objects to it. That way you could do firmware updates by swapping and refurbishing the hardware modules.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like