On 27/11/13 21:15, NdK wrote: > Found: > > http://www.lightbluetouchpaper.org/2006/12/24/chip-pin-terminal-playing-tetris/
Meh. They just replaced all hardware inside and only re-used the shell of the device. While it illustrates the point they're making in the article, it's not nearly as cool as modding the firmware of the actual hardware through a rogue firmware update. And even then I'm missing some nice details: how did they take care of the special sticker that is supposed to crack when you try to open the device? (It's usually holographic to prevent reproduction). And did the case crack or snap when disassembling, leaving obvious marks where it did? I'm not saying these are sufficient methods to prevent access to the inside[1], I'm asking if they could take care of these things. For all I know, the underside of the device in the video is a mess of broken plastic with some strips of holographic sticker keeping it all together. They compare it to the hack on the voting machine. I absolutely disagree: that hack is what I'm talking about, a rogue firmware update, throw in a little electromagnetic emission analysis for extra goodness. I could do the PIN pad hack. I certainly can't do the voting machine hack. Again, it illustrates the point they're trying to make, but it's not spectacular. [1] For instance, you could take two or more devices, and saw them through at different places. Once you have them somewhat open, you can probably carefully pry pieces apart until you have an undamaged specimen of each part of the case. By the way, you could prevent access to the insides fairly well by filling it up with polyurethane once assembled, obviously making sure you have sealed all gaps like card insertion slot and keyboard :). -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
