quote:

---

Automotive telematics display firm Yazaki North America announced an instrument cluster display based on embedded Linux, designed for reconfigurable dashboard TFT/LCD displays. The instrument cluster prototype is built around a PowerPC-based Freescale MPC5121e system-on-chip (SoC), and offers 3D effects, says the company.

Like Ford's new SmartGauge cluster designed for its 2010 Ford Fusion Hybrid, the Yazaki design offers a dynamic GUI interface to simulate analog instrumentation and report on a variety of telematics and related information in a small space. Yakuzi offers a more three-dimensional effect by displaying indicators, fuel gauge, and speedometer information on different levels, as well as adding tunnels and a tapered bezel over the LCD, says Yazaki.

The design is said to be highly customizable by automotive OEMs, enabling a wide range of dashboard designs for entry-level to high-end cars. When used in hybrids, the reconfigurable instrumentation can also display information such as driver and vehicle performance, as well as environmental impact.

The design supports integrated video input for displaying camera information, and the lighting system for the TFT/LCD display incorporates light guides, and uses a minimum number of LEDs "to offer styling flexibility and reduced complexity," says Yazaki. Based on embedded Linux, presumably using Freescale's Linux development platform for its MPC processors, the firmware is also said to make use of the chip's OpenGL ES 1.1 graphics.

The MPC5121e primarily targets "next-generation" telematics systems, such as in-car infotainment, driver assist devices, and digital displays for intelligent dashboards. In October 2007, Wind River, which is scheduled to be acquired by Intel this summer, announced a partnership with Freescale to co-develop a Linux development kit for the SoC. Last year, Freescale shipped a dual-core verson of the SoC called the MPC5123.

No information was offered on the availability of the Yakazi instrument cluster. More information may be found here.

---

said by Steve :

said by JohnInSJ :

Better then worrying about Malware (ATMs running XP, anyone?)

Those ATMs were hacked with physical access to the insides — no OS could withstand that kind of attack, so this seems like a cheap shot.

quote:

---

Windows XP cash machines can steal your PIN

It is bad enough that the bad guys constantly try and phish your financial data via email and fake websites, now cash machines are getting in on the act.

The SpiderLabs team reports that it has been able to perform an analysis of the malware, which had been discovered on compromised East European cash machines running Windows XP.

The malware was able to capture the magnetic stripe data from the private memory space of transaction-processing applications that were installed on these compromised ATMs, along with PIN codes for good measure.

Courtesy of some advanced management functionality found within the malware code, the attackers are able to control the compromised cash machines via a customised interface which can be accessed by simply inserting a controller card into the ATM card slot.

The stolen data can then be printed using the receipt printer built into the ATM, or output via the card reader to a suitable storage device. SpiderLabs do not believe that there is any networking functionality built into the malware, however.

I understand that the malware can be installed, and activated, by way of a Borland Delphi Rapid Application Development executable that replaces the original isadmin.exe utility file. Executing this dropper produces the malware file within the C:\WINDOWS directory of the machine.

This is not the first time that ATM security has left customers vulnerable nor will it be the last.

Trustwave warns it "highly recommends ALL financial institutions with ATMs under management perform analysis of their environment to identify if this malware or similar malware is present. Trustwave collected multiple version of this malware and therefore, feels that over time it will
evolve."

---

quote:

---

ATM security leaves customers vulnerable to hackers

It has been estimated that something in the region of 70 percent of the ATMs in current use are based not on the proprietary hardware, software and communication protocol platforms of old but instead on PC/Intel hardware and commodity operating systems, the most popular being Windows XP embedded. In fact, it is not too much of a stretch of the imagination to think of these ATMs as being simple PCs running simple PC operating systems and using the standard Internet Protocol that we are all used to. Of course, all this is housed in a very secure vault-like box along with some additional peripherals, which makes it all OK. Or does it? According to Network Box, a managed security services company which has just published a white paper on the subject of IP-ATM security, banks and financial institutions are failing to properly secure their ATMs, leaving consumers' personal details vulnerable to hackers. The report itself actually cites three main threats to ATMs: internet protocol (IP) worms; disruption of the IP network and denial of service; and the harvesting of consumers' transaction data for malicious purposes. The latter could result in hackers being able to collect consumers' personal details, such as their card number, account balance and transaction history.

It doesn't take a genius to work out that all a determined hacker, and for determined read backed by a highly professional criminal organisation, needs to do is access some part of that IP network between the ATM and payment processor to be privy to the personal detail contained within the unencrypted data stream.

The ATM manufacturers do integrate firewall software on the devices but these do nothing to prevent unencrypted traffic from leaving the machine, just make it harder for the less professional hacker to get into the ATM itself.

Mark Webb-Johnson, CTO of Network Box, told us "Most people simply assume that because an ATM is invariably provided by a bank, the transactions and the data being transmitted must be secure. This assumption may have been true in the past, but today ATMs operate in a way that makes them far more susceptible to attack. We've already seen in August 2003 how the Nachi (aka Welchia) Internet worm crossed over into 'secure' networks and infected ATMs for two financial institutions; and we've witnessed the SQL Slammer (aka Sapphire) worm indirectly shutdown 13,000 Bank of America ATMs. The chances are that if banks don't use technology that can actually provide an effective level of protection - technology that is already on the market - then it is very likely that more high-profile attacks are to follow."

---