Comment on In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network
pupbiru@aussie.zone 4 days agoi’d have said that’s less important than TLS or something on your ATM, a VLAN for ATMs that can only access specific services, and all ports not on a VLAN just disabled
really you just want to stop traffic from being sniffed (stolen credentials) and spoofed (“correct - dispense $10000”)… beyond that, you just have to assume nothing. the services that an ATM connects to should be robust enough that they do all the validation - the ATM is pretty dumb (kinda in the same way as your browser on your computer: it gets no decision making to access your bank; just is input and output)
MAC addresses are easy to spoof, and physical security is pretty difficult on something like an ATM that’s publicly accessible
Saleh@feddit.org 4 days ago
Ahh, i remember how my older brother locked down my internet access after midnight on behalf of my parents, boasting about having set up a MAC-address whitelist in the router some 15 years ago.
About a week later or so he proceeded to play Battlefield 3 on his early Samsung smartphone all night during summer holidays.