Tuesday, October 15, 2013

Ploutus Malware

Reading the local news, I came across the headline "Beware: ATMs reported infected with a virus".

I don't know where they get these stories, but this one is distorted. Users have no problem with this malware. This malware steals from the banks, not from account holders. (I still recommend looking for signs that could indicate the ATM has been physically altered in some way, and if something looks odd, reporting it to the bank and refraining from using the machine.)

The scheme behind this malware, "Ploutus", consists of installing a backdoor by means of a CD. This works because the compartment that houses the CD-ROM drive can be opened (a physical security problem; an antivirus does not save you from this, as the newspapers suggest), which suggests that this attack could be more common at ATMs located in commercial areas, not in a bank branch. In addition, "less watched" ATMs are chosen so that extracting the loot is easier.
This allows the malware's creators to withdraw cash from the ATM without needing a bank account. In short, they rob the ATM without having to force it physically. For this scheme, it would be quite pointless to add functionality to the malware to steal user information, since that information would have to be sent to its creators somehow (or collected), which would make the malware easier to detect, and these criminals could be identified. And if they already have access to the cash, they have no reason to complicate things further.

Sunday, March 3, 2013

Reducing EMI in RTL SDR

Many people have noticed that even when no antenna is connected to the RTL SDR, FM stations still come in strong. This is not good at all, because these signals are getting into the PCB by some path other than the antenna. The most common tips on the Internet for reducing EMI in the RTL SDR are to use shielded USB cables, ferrite beads and a metal box. I was already using a shielded USB extension cable, and I mounted a ferrite bead near the RTL SDR. (At least two are recommended, but I was only able to get one.) The problem is that the USB cable is going to act as an antenna.

I also put aluminum foil inside the RTL SDR so that it was touching the USB chassis ground. It seemed to help a bit, but there was still a lot of noise. Any local FM station still gets through when adjusting the gain. Near my home there is a local FM transmitter that has always caused me problems, especially because I listen to air band. I use an AOF-128 bandpass filter and a coax stub filter, and this is still not enough to completely attenuate the signal while listening with my PRO-95 scanner, so you can imagine how critical reducing EMI in the RTL SDR is for me to get good performance.

I started to read about the USB specs and tips for reducing EMI when designing USB devices. There is a lot of information and there are different opinions about this. In general, what I found out is that the shield on a USB cable is soldered to the male USB connector (at the host), but on the device it is not. Here comes the most important thing I found out: if the chassis in the USB device is connected to ground, it is to a different ground and not the ground of the PCB (to the chassis, for example), or some designs have two grounds on the same PCB. That is because the PCB is where the noise is going to get in if the USB cable shield is connected to the USB chassis. So what I did on the RTL SDR was to remove the male USB connector and solder on a cable with a male USB connector, soldering just the 4 wires (signal and power) and leaving the shield floating. Then, where I cut the cable, I put aluminum foil and covered it with electrical tape.

This really reduced the FM broadcast interference. Even if the gain is set to maximum on the RTL SDR, the only station that comes through with some noise is the one that is my neighbor, but it's really nothing compared to what was there before. I think if I got more ferrite beads and mounted the RTL inside a box it would be totally quiet.

I hope this can help other people, and I would love to hear comments.