
#1 08-31-2013, 04:06 PM
Cartographer
Join Date: Aug 2013
Posts: 511
Tools for defeating POS anti-tamper

Stolen from a security tester's report. Feel free to add anything else you might know about to the list.
Tools and Techniques
A h4x0r looking to exploit the vulnerabilities of a PED will make use of a number of tools, both common and complex. This analysis is focused on some of the more useful, easy to acquire tools and their potential uses.

A hand-held rotary tool plays a significant role in many attack strategies. This type of tool can be used to access internal areas by cutting the case, removing internal case material in order to access security relevant components, and for the removal of large/hard epoxies.

Adhesives are commonly used to hold switches shut and hold other pieces in place. A dental pick is primarily useful for its ability to scrape away epoxies from components or out of conductive vias in a PCB. They are also useful in the application of adhesives that are used to keep tamper response switches closed. As well, a dental pick in conjunction with a small amount of epoxy can be used to place malicious wires and components into tight spaces.

Conductive epoxy can be applied to a PED to short out component contacts and act as a ‘cold weld’ for heat sensitive applications and tight areas. As well, conductive epoxy provides an easy method of attaching wires to traces that have been revealed by scraping off the PCB’s conformal coating. In order to make connections with small conductive vias on a PCB, magnet wire can be sharpened and inserted into these holes. Sometimes a pair of pliers is required to work in tight spaces.


I did not write this information, I simply stole it from other sites.

Anti-tampering mechanisms

The Ingenico PED’s enclosure is made from two plastic shells attached to each
other by four ‘Torx 6’ star-head screws possibly intended to prevent casual opening.
A tamper-response switch is released upon opening the shell, and breaks a
supervisory circuit, as shown in Figure 1(a). One entire internal circuit board
layer is a dense sensor mesh that is intended to detect drilling from the rear of
the PED. This sensor mesh extends to a three-sided wall that protects the switch
from drilling through a user-accessible compartment (shown in Figure 2(a)). Additionally,
four contacts (one of which is shown in Figure 1(b)) are pressed by
the enclosure’s top shell, so as to alarm if the keypad panel is removed. The contacts are surrounded by a conductive ring connected to the battery supply; this
is presumably to prevent the attacker from defeating the mechanism by injecting
a conductive liquid. The processing module is potted and gift-wrapped with a
coarse sensor mesh.

The Dione PED is ultrasonically sealed at seven interlocking plastic joints, and
has a simple pad shorting a contact to detect opening. Unlike the Ingenico PED,
it has no mechanisms to detect drilling from the rear (the designers even provide
easily accessible circuit board pads to short the tamper detection mechanism).
However, the main processing unit and the keypad are potted together, which
makes it harder to capture PIN keystrokes between the keypad and the processor.



I did not write this information, I simply stole it from other sites.

Dismantling

A wide range of sensors is available, including simple micro-switches to detect
removal of external case screws or lid assemblies; these may be supplemented
by magnetic reed switches and permanent magnet actuators on mating
surfaces. Active techniques of ultrasonic or infra-red space signature may be
utilised, although because of power constraints it may be necessary to pulse
these detectors to conserve battery power. After an extended period on battery
power, performance of these detection circuits may degrade and it is difficult
to make them fail 'safe'.

Mains Power Variation/Monitoring

In order to ensure that no vestigial signal representing secret data appears on
the mains power interface to the device, filtering should be employed between
the device mains input and the power supply input point, and the power supply
low voltage outputs should be adequately filtered and decoupled. Passive
transorbs and fuses provide protection against deliberate over-voltage and
reverse-voltage attacks on the device while good design practices must be
observed when implementing power up/down monitoring circuits designed to
protect the integrity of secure data.

Physical Removal

Unauthorised attempts at moving the device can be detected by tilt and jitter
sensors which operate when the device is, for example, tilted more than 20°
from the horizontal or subjected to the sort of vibrations generated by a normal
power tool. Additionally, to protect against illegal removal of the power or
communications cables, closed-loop alarms should be connected through both
security devices and peripherals via the connecting cable assemblies.

Drilling and Grinding

Encapsulation of the sensitive electronic components holding secure data in a
potting resin is a well-known process which certainly acts as a good physical
barrier to an intruder wishing to probe the key storage electronics. The
simplest method to gain access to the sensitive components is to drill, mill,
grind or plane the potted area until sufficiently close to the target and then
proceed more carefully using fine hand tools. In order to successfully attack in
this way, knowledge of the layout of the PCB and the associated components
is desirable, and this is best accomplished using X-Rays; the drilling procedure
may then be undertaken more accurately.
Embedding a fine mesh of multiple layers of randomly located fine wires within
the potting or, alternatively, integrating a flexible PCB with multiple orientation
alarm tracks on it, is a useful detection mechanism against these attacks. It is
interesting to note that if the wires are fine enough, accurate detection of their
location by X-Ray means is a relatively difficult task. Obviously, all
components accessing secure data paths must be enclosed within this
encapsulation. In a classical bus-oriented microcomputer solution, this
obviously applies to all devices having access to the main data and address
buses.

Solvents

Since the embedded shield methods of Section (iv) render drilling, grinding and
planing relatively difficult, a suitable chemical solvent attack on the
encapsulation would prospectively seem attractive. If the potting compound
has been carefully selected by the manufacturer such that any appropriate
solvents for it are also solvents of the chip fabrication materials and PCB
fabric, together with probably having special handling problems owing to its
volatility, then solvent attack becomes more difficult. Embedding fusible links
within the potted area such that mass flooding or immersion is impractical is an
added safeguard.

Temperature

Since the majority of electronic components perform within a temperature
specification of, typically, -30°C to +85°C and these would generally include
the alarm detection and key destruction circuitry, rendering these circuits
inactive by raising or, more generally accepted, lowering the unit temperature
to, typically, -80°C would render these circuits inactive. Hot and cold
temperature attacks are relatively easily detected by the inclusion of
temperature sensors within the alarm circuitry which operate at, say, -25°C and
+70°C although the effect of thermal shock on these devices and the units
themselves, due to sudden change in temperature (e.g. by immersion in liquid
nitrogen (-195°C)), must be carefully calculated to ensure correct failsafe
operation. The choice of temperature detection thresholds is important if false
alarming of a device in transit (e.g. an aircraft hold or a car boot) is to be
avoided.

X-Ray

As mentioned in Section (iv), the use of X-Rays as a mechanism for locating
critical components and data paths is extremely useful. Including X-Ray
detection in alarm circuitry at first sight seems attractive, although in practice
when devices are despatched from manufacturers' premises for subsequent
shipment by air freight, they are likely to be X-Rayed under normal security
procedures and hence alarm systems activated. As an alternative the sensitive
component areas may be screened against X-Ray surveillance by a lead shield.
Practical experience shows that, to be effective, the thickness of lead should
not be less than typically 3mm, and the surfaces should be stippled and
scratched in random patterns to enhance the deflection effects.

EMI/RFI

In considering the effects of electromagnetic and radio frequency interference,
it is apparent that these effects are bi-directional i.e. radiation of signals from
the device should not be capable of interpretation to reveal secret data, nor
should any external interference source directed at the unit cause it to
malfunction or 'latch-up' into a predictable state. This latter effect is
particularly important in considering the behaviour of white noise seeded
random number circuits which generate encryption keys. In designing device
enclosures, material choice and bonding techniques which affect EMI
behaviour are naturally important. It is generally accepted that metal case
construction is preferable, and good electro/mechanical designs should be
employed to ensure minimum escape of radiated energy. Additional barriers
around sensitive component areas may be provided using copper screening
cans with modular 'onion skin' construction techniques. Recent advances in
spray-on conductive graphite, nickel and silver coatings give EMI/RFI
attenuation performance figures of typically greater than 70dB which approach
good design objectives of, for example, 100dB. A combination of these spray
techniques and metal case construction can lead to good EMI/RFI resilience
and a reasonable level of physical strength.
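The detector thresholds quoted in the post (tilt over 20°, temperature sensors at -25°C and +70°C, failsafe behaviour under thermal shock, and the case switch and sensor mesh of the Ingenico PED) pulled together as the supervisory logic a PED's alarm firmware would run. This is an added example, not code from the post or from the reports it quotes; the per-sample temperature rate limit and the field names are assumptions.

```c
/* Tamper supervisor model: an added example, not code from the post or the
 * reports it quotes. It combines the detectors the post lists (case switch,
 * sensor-mesh continuity, tilt over 20 degrees, temperature outside -25/+70 C)
 * with a rate-of-change check so thermal shock trips the alarm early. */
#include <stdbool.h>
#include <string.h>
#define TILT_LIMIT_DEG     20.0  /* post: more than 20 degrees from horizontal */
#define TEMP_MIN_C        -25.0  /* alarm thresholds quoted in the post */
#define TEMP_MAX_C         70.0
#define TEMP_RATE_LIMIT_C   5.0  /* assumed: largest plausible change between samples */
#define KEY_LEN            16

typedef struct {
    bool case_switch_open;  /* tamper-response switch released by opening the shell */
    bool mesh_intact;       /* supervisory loop through the sensor mesh still closed */
    double tilt_deg;        /* angle from horizontal */
    double temp_c;          /* internal temperature sensor */
} sensor_sample;

typedef struct {
    unsigned char key[KEY_LEN];  /* the secret the device must protect */
    bool zeroized, have_last;
    double last_temp_c;
} ped_state;

static double absd(double x) { return x < 0 ? -x : x; }
void ped_init(ped_state *st, const unsigned char key[KEY_LEN]) {
    memset(st, 0, sizeof *st); memcpy(st->key, key, KEY_LEN);
}

/* Overwrite the key through a volatile pointer so the compiler cannot elide it. */
static void zeroize_key(ped_state *st) {
    volatile unsigned char *p = st->key;
    for (size_t i = 0; i < KEY_LEN; i++) p[i] = 0;
    st->zeroized = true;
}

/* Returns the alarm reason, or NULL when in limits; the key is destroyed on the first alarm. */
const char *evaluate_sample(ped_state *st, const sensor_sample *s) {
    const char *reason = NULL;
    if (s->case_switch_open)                      reason = "case opened";
    else if (!s->mesh_intact)                     reason = "mesh broken";
    else if (absd(s->tilt_deg) > TILT_LIMIT_DEG)  reason = "tilt";
    else if (s->temp_c < TEMP_MIN_C || s->temp_c > TEMP_MAX_C) reason = "temperature";
    else if (st->have_last && absd(s->temp_c - st->last_temp_c) > TEMP_RATE_LIMIT_C)
        reason = "thermal shock";
    st->last_temp_c = s->temp_c; st->have_last = true;
    if (reason && !st->zeroized) zeroize_key(st);
    return reason;
}
```

The rate check is what catches the liquid-nitrogen case the post describes: the absolute sensors may not react before they leave their own working range, but a 12°C drop between consecutive samples does.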