Expertise / areas of competence –software and computer related hardware, such as ATM / POS devices, CDM/CRM, EPP, CRW, etc., but not physical security:
- ATM security auditing and testing: performing security audits and testing against the entire landscape (device, network, and host), simulating real attacks, looking for both standard (O/S, vendor API, network), but also application layer security vulnerabilities in the ATM operational and management applications and frameworks. The typical devices under scrutiny are NCR, Wincor, KEBA, with a vast range of application and controlling software solutions and platforms.
- ATM security consulting: provide consulting in respect to improving the ATM device, network and host safety, define evaluation criteria for cryptographic requirements, develop measures and devices (hardware and software) for prevention of logical ATM attacks, assisting banks and ATM/POS operators in defining trust zones and improving the safety of ATM operations by protecting key areas – dispenser unit, EPP, and card data. Typical projects are ATM network hardening, local ATM security implementation, full disk encryption / IPS for ATMs, cash operations signing, cached customer data protection.
- ATM security development: development of hardware / software solutions for preventing logical attacks and compensating for the lack of a trusted environment in the typical ATM computer unit; solutions for prevention of offline attacks by full disk encryption and signed boot-loader, with ATM integrity verification.