Advertisement
REGISTER | LOGIN
Breaking News
View Comments: Newest First | Oldest First | Threaded View
asssd
User Rank
Rookie
Re: look to the embedded past
asssd   12/27/2017 2:42:22 AM
NO RATINGS
They probably can print this amount in 5 minutes... not a huge issue.

EricOlsen
User Rank
Rookie
Unhackable Computers
EricOlsen   12/26/2017 1:50:56 PM
NO RATINGS
And please note that in all the reference of casino cheating out there, there is none that is hacking code.  (OK, the lottery example might be one because of it's terrible implementaiton, but it's still highly insider also).  Keep in mind the gaming industry is the most "attractive" industry for cheats, I can promise that.  Yet code modification is not a method these cheaters can easily use, even for the highly equiped and financed Russian hackers.   Yes it's happened before, but when it does, it's most always an insider, and that I do not classify as a hacker, but an insider cheat.  

EricOlsen
User Rank
Rookie
Re: Unhackable computers
EricOlsen   12/26/2017 1:05:39 PM
NO RATINGS
I confess, I wanted to give a boost to Colin's thread, looks like I did!.  If I can clarify, the casino gaming industry is not impervious!  But the lottery cheat was suspected to be related to an insider, and the software and system design of the system was pathetic, in that it allowed a late lottery entry to win!  The case of the jackpots being tampered by inserting an eletrical shocker into the hopper area is a great example of the many tamperings we've had to guard against.  For this, we learned to control coin hoppers with more complex triggering circuits that didn't simply run away when an electrical shock was applied.  And yes, the case of tracking the PRNG of gaming systems is quite true.  The most famous exaple was that of a gaming control agent that had access to the code, was supposed to protect the industry, but instead got greedy and wrote a program to track the psuedo-random number generator for the game of keno.  Problem was, he won a 20 out of 20 spot, then a few games later, he won a 19 out of 20 spot (he was playing ahead on scheduled keno games).  That's when security guards were dispatched to his room!  Some other sophiticated cheating schemes involves mobile computer systems that are wirelessly linked to track PRNG's of weak games.  But the industry has fouhgt these things, and that's why we have GLI and other labaratories which must approve our software before it gets to the casino floor.  In this way, the casino gaming industry has kept ahead of hackers, and we have the most secure industry in the world as a result.

dt_hayden
User Rank
Author
Re: Unhackable computers
dt_hayden   12/26/2017 11:42:42 AM
NO RATINGS
I recall seeing documented a case where someone hacked the hardware of a 'slot machine' by extending a probe up the payout chute and triggering a payout.  I'm guessing the probe triggered some opto-couplers involved in the machne logic, the show didn't say.   Then there's this approach, taking advantage of pseudorandom number generator weakness:  https://www.wired.com/story/meet-alex-the-russian-casino-hacker-who-makes-millions-targeting-slot-machines/  

Evariste
User Rank
Manager
Re: Unhackable computers
Evariste   12/23/2017 5:52:15 PM
NO RATINGS
There was a multistate lottery that thought their lot-drawing computer was unackable because it wasn't connected to the internet and was kept under surveillance in a locked room.  But they didn't follow your second rule.  The IT guy had to go in to set the time to daylight savings (why, I don't know) and modified the code with a USB thumb drive while in there.  Then he could predict the output of the random number generator on certain days of the year and buy winning tickets. I don't understand why something like that wouldn't be built entirely in hardware.  I don't mean in an FPGA, either.  Maybe they should use the balls like they used to.  (Although the balls were weighted in an incident in 1980.)  I would definitely not trust a PC. Laymen are too trusting.  The average person apparently thinks it's OK to have electronics and computers involved in voting.  That is crazy.  

pinaz
User Rank
Author
look to the embedded past
pinaz   12/23/2017 12:47:24 PM
NO RATINGS
Try this: Harvard architecture CPU with program code in ROM, and when I say ROM, I mean ROM, not some continually upgraded flash memory.  Save $3.6 million of taxpayer money.  "Unhackable" is clickbait and a wholly inadequate term.  Does that mean an inability to execute remotely-provided arbitrary code?  (If only this, see first sentence.)  Does it mean a magic ability to somehow not execute what is a perfectly correct program image that was accidentally written by fallible programmers to have security flaws?  (It doesn't sound like this $3.6 million will help with that.)

EricOlsen
User Rank
Rookie
Unhackable computers
EricOlsen   12/22/2017 10:40:05 AM
NO RATINGS
Of course unhackable computers can be made.  We've been working with them in the casino gaming industry for years.  Two main keys to un-hackable: 1) no network connection. 2) can't easily change code. In the early days, we placed our game code into firmware, or even EPROM.  The computer did not allow for code changes without opening the cabinet and changing the EPROMs.  So yes, there are plenty of cases where un-hackable exists.  In our present day reality, the ease of executing computer code remotely delivered, or the ease in which code can be loaded from any device into memory and executed dictates the ease at which hackers can subvert your system with malware or viruses.  Also, the need to alter code becasue the application code is buggy, or doesn't meet specifications (security among them), the more the need to maintain the ease to easily load and run code.  In the gaming industry, we are not allowed to "remotely load" code.  Therefore, our code must be 100% functional and completely tested before it arrives on the casino floor. Modern day OS are designed to make it easy to load and execute code.  What is needed is a secure OS (which does exist) that isn't engineered using the funding of Advertising based marketing, then you can direct the OS design effort to be compliant to the needs of real security.  I've got a few inventions in this area I'd like to fully develope myself.

luting
User Rank
Author
Re: Nothing is un-breakable
luting   12/21/2017 7:20:07 PM
NO RATINGS
Totally agree. The same professor will break that after DARPA pay him another $3.6 million. 1 Second sounds long in human world but lots, lots of work could be done in electronic world.

qerqwe
User Rank
Author
Nothing is un-breakable
qerqwe   12/21/2017 6:05:29 PM
NO RATINGS
Please do not say that your security is unbreakable.   While it maybe very difficult, trying to figure out your rolling code in 1 sec is not impossible.  It maybe impractical, using todays processing power but look down the road to quatum computing and the 'impossible becomes possible'

sw guy
User Rank
Author
Intel on-chip V-Pro security hardware
sw guy   12/21/2017 10:29:16 AM
NO RATINGS
You should have writen: Intel has provided on-chip V-Pro broken security hardware (point your favorite search engine to vPro vulnerability)

Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed