
Re: what's the real SLOW parts in popular OS/OS theories?

Posted: Mon Mar 28, 2011 1:01 am
by Combuster
Where's your ISP? Let's MITM this :twisted:

Re: what's the real SLOW parts in popular OS/OS theories?

Posted: Mon Mar 28, 2011 3:32 am
by rdos
berkus wrote: So just adding a custom firewall in between your system and the internets you can

a) figure out the IP and port it connects to,
b) re-route packets to impersonator host that would configure your terminal in some custom way.

And since there are no flaws, you probably haven't protected against that either.
Won't work. The communication protocol is binary & proprietary.

In addition to that, you need to open the terminal in order to insert a new firewall, and the only way of getting it operational after that is to use a function-card that is validated against our host system.

Re: what's the real SLOW parts in popular OS/OS theories?

Posted: Mon Mar 28, 2011 5:09 am
by Solar
rdos wrote: Won't work. The communication protocol is binary & proprietary.
Ah, security through obscurity. Didn't work before, doesn't work today, won't work tomorrow. I sure hope your "binary & proprietary protocol" is encrypted, and encrypted well. (I worry about the key exchange process, for example, e.g. when an attacker taps one of those terminals.)
In addition to that, you need to open the terminal in order to insert a new firewall...
All I need is access to the network somewhere between the terminal and your host. Figuring out the IP of your host is a piece of cake, patching a machine with that same IP into the network at the local distribution node isn't much of a bother either if there's money to be had.

All that's assuming there's no "traditional" security flaw (like buffer overflow or stack corruption), or some social vulnerability at your company to be exploited.

Face it. Anybody saying "there are no security flaws in my system" is simply lying to himself. That's not me trying to flame you, that's me citing a fundamental truth of system security. There are only layers of "X more secure than Y".

I could get you into contact with a friend of mine who's working in data forensics and network security. The things he could show you about "binary and proprietary formats" would make your skin crawl...

Re: what's the real SLOW parts in popular OS/OS theories?

Posted: Mon Mar 28, 2011 7:16 am
by rdos
Our application does not send sensitive card data over the Internet. This is not allowed by PCI. The data sent is for terminal configuration and local payment cards only. We have integrated against a provider of a validated bank-card solution that runs on a separate computer. They use an embedded Linux distribution. Thus, there is no economic incentive to hijack our host connection, other than for a denial-of-service attack.