Security Review: Blinger?

By bsmith86 at 9:03 pm on February 3, 2008

I’m going to guess that you, like me, have just found out about this device.  According to news reports and their website (https://www.blingerstore.com/0/vnc/), BlingNation’s Blinger is a new, portable ATM device.  It has a magstripe card reader on the back, and a wireless link to their network.  It will let you transfer funds, get your account history and everything else you can do with online banking, all without a laptop/desktop.

Assets / Security Goals

  • Protecting personal information used in operating this device is key to its function.
  • Assets surrounding this device are account numbers, PINs, and the identity of the user.
  • This device is also protecting the public confidence in the company, because losing customer information due to an attack would effectively kill this product.

Adversaries / Threats

  • Anyone wanting to steal personal data, either to sell for profit or to impersonate the victim, would want to attack this system.
  • A rival company may want to break public confidence in the company and its devices.
  • There is an opportunity for owners of this device to take credit cards from others and transfer funds on the fly.

Potential Weaknesses

  • This device is wireless, so anyone with a receiver could capture traffic from these devices.  The site isn’t specific about what kind of wireless band the device is using, whether Wi-Fi, 3G, 4G, or some proprietary system.  Depending on the band, the receiver might be local access only, or nationwide.  In both cases, the receiver can be exploited.  In the first, there may be an opportunity to clone the point, or take control of it.  In the latter, it’s a public access point that would allow anyone to watch transaction traffic.  Encryption may be used, though Pablos’s lecture demonstrated that poorly used encryption on wireless devices is a major weakness.
  • The device itself must store some personal data on it to be able to access account history – normal credit cards wouldn’t have access to this information. Theft of this device could be devastating to privacy as well as personal identity.

Potential Defenses

  • To counter the wireless vulnerability, I would probably use an end-to-end rotating public/private key encryption scheme.  I would also suggest that these keys be unique to each device, so that copying the encryption on one wouldn’t compromise another.  It would be even more beneficial if SSL could be used while traversing the Internet.
  • To answer the personal data problem, secure passwords on the device would be a helpful start.  An additional problem is that if stolen, the adversary would have direct access to the components, so the device would have to protect against being dismantled. I remember reading that one solution to this is to trigger a small amount of epoxy to encase the chip, which would render it useless.
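
The per-device, rotating key idea from the first defense, sketched as an added example that is not part of the original post and not BlingNation's design. It swaps in symmetric HKDF key derivation for the public/private scheme suggested above and authenticates messages rather than encrypting them, so it shows only that a key taken from one device, or from an earlier rotation period, is useless for another. The device IDs, salt, epoch counter and function names are all assumptions.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def device_key(master: bytes, device_id: str, epoch: int) -> bytes:
    """Key for one device during one rotation epoch (names are hypothetical)."""
    info = b"device-key|" + device_id.encode() + b"|" + epoch.to_bytes(4, "big")
    return hkdf_sha256(master, b"constructed-example-salt", info)

def seal(key: bytes, payload: bytes) -> bytes:
    """Append an HMAC-SHA256 tag. Integrity only: the payload is NOT encrypted."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def verify(master: bytes, device_id: str, epoch: int, message: bytes):
    """Server side: re-derive the claimed device's key and check the tag."""
    if len(message) < 32:
        return None
    payload, tag = message[:-32], message[-32:]
    key = device_key(master, device_id, epoch)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    master = bytes(range(32))            # constructed; a real master stays in an HSM
    msg = seal(device_key(master, "device-A", 7), b"balance-request")
    print(verify(master, "device-A", 7, msg))   # accepted
    print(verify(master, "device-B", 7, msg))   # other device's key: rejected
    print(verify(master, "device-A", 8, msg))   # after rotation: rejected
```

Only the derived key ever sits on a device, so dismantling one unit exposes that unit's key for the current epoch and nothing else.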

Risk

Personal data and money could be taken by compromising this device. The device’s network is designed to be individually supported by retailers, “wherever the BlingNation network is accepted”.  These two facts make the reach and reward of this system vast.  I would say the risk that this system will be compromised, or that an attempt will be made to compromise it, is very high.  The fact that it may not have a registration system or cameras to track usage makes it all too easy to compromise someone’s credit card.

Conclusions

I’m not sure a system like this is viable to maintain or even produce in today’s world.  Wireless internet is becoming ubiquitous, as are cellular access cards for laptops.  Putting a nationwide system in place this late is futile.  Too many people could compromise the network, and the built-in card reader only encourages people to use it to steal.
