undefined | Better HN

0 pointsCydeWeys6y ago0 comments

I assume the meters are network-connected because they take credit cards, but they can't be remotely updated? Seems like an obvious omission.

0 comments

leereeves6y ago

Or a deliberate security measure. Embedded devices often use Harvard architecture, with separate memory for code and data, so not allowing remote updates makes remote code execution impossible.

Cyph0n6y ago

Sure, but there are at least two other options that are essentially as secure, assuming the “remote attack” threat model:

1. Allow customers to download updates and flash over USB.

2. Boot device into a limited mode that allows signed updates. Certificate should be stored in secure memory.

ethbro6y ago

I don't deal with PCI personally, so $0.02, but we're talking retail or unattended devices here.

I.e. low wage, minimal training, not technically proficient users with unsupervised physical access to the machine

A machine through which a large amount of cash (virtual or otherwise) flows.

The criteria of (a) being updatable by a semi-technical customer & (b) being secure against technically malicious or socially engineered ignorance attacks seem challenging to simultaneously satisfy.

NotSammyHagar6y ago

allowing easy update over usb is its own thread model, lessened with only allowing signed updates. Like almost everything, it's likely these parking meters have terrible security design. the parking meter I use commonly is incredibly slow, every button push takes 1/2 a second to update the small lcd ui, I really wonder what it can be doing to be so slow. It's probably using multiple levels of interpolation to run a js program or something.

j / k navigate · click thread line to collapse