A look into the physical security techniques used to protect the digital secrets in a relatively modern wireless credit card POS terminal. I have a second channel: / @markfurneaux2659
Those pieces of PCB material with a step machined in that are soldered on top of the legs for the connectors are very likely just to protect against someone drilling a hole in the back case and directly probing the connections to the card readers and thus stealing people’s card details.
I doubt the key sram is in the PCB material. It'll be in one of the special SoC/Microcontrollers. The is a CCC (I think) presentation about extracting the keys from cable TV boxes that details breaking down similar setups (albeit with less tamper proofing). That guy eventually worked out enough of the chips to load a trojan onto the chip and extract the keys.
They might have got rid of it due to the 3G shutdown. Any sort of 3G comms equipment is basically worthless at this point. The devices I use seem to occasionally self-trip their tamper detection mechanism, rendering them useless. They also don't use epoxy potting, as you say, expensive to produce. I think it just relies on the numerous serpentine traces. There may be other small things like light sensors or accelerometers as well.
@@unicodefox It sends an error to the user that shows its been physically tampered, and is unusable. Only the manufacturer is able to fix it at that point.
@jaro6985 what about the android based ones? Cause I have one that runs android 6.0.1, and I'm trying to hack it to install apk files as I want to get mine running DOOM.
It looks like one of them at least was an antenna. The other might be too for things like nfc wireless payments. For things like google pay and apple pay and physical cards
@MarkFurneaux How do you fix the port if it won’t charge with the wire in the port? It seems loose? It’s this same model. Please help! 🙏🏻 Thank you. 👍🏻
I can't see why it should have any secrets, it can read it from the smart card each time there is a payment, the bank can hide it there. edit: or the card could do the communication itself and the terminal just relays the encrypted messages.