eWeek reports that at the SecTor security conference held this week in Toronto, Canada, Trustwave senior consultant John Hoopes provided insight into the attacks that are frequently executed against Point of Sale (POS) systems and ATMs, and the things defenders can do to prevent them.
When it comes to ATMs, the problems are many, he says. If the power cord for the machine is reachable, an ATM can easily be unplugged and plugged in again in order to make it reboot and show which OS is running.
More often than not, it is Windows XP, and usually unpatched. In fact, Hoopes discovered that many ATMs are still vulnerable to years-old flaws that have been patched by Microsoft ages ago. Obviously, the technicians have installed the OS when the machine was put into use, and haven't touched them since.
A great number of ATMs is also running in administrator mode, making an attack even easier to execute. Also, when it comes to ATM software, the code is rarely, if ever, obfuscated, and potential attackers can find it trivial to reverse-engineer its code and search for exploitable flaws.
Allowing physical access to the power and network cords that feed ATMs to random individuals should be a big no-no. First because of the aforementioned possibility of rebooting it, and secondly because attackers can insert a device between the ATM and the network, and sniff out and manipulate the data traffic, which is often unencrypted, and occasionally not encrypted as well as it should be.
All of these problems can relatively easily be solved by ATM manufacturers and vendors if they make a concentrated effort. Hooper points out that they should also be thinking about good locks for the ATM cabinets, cable protection solutions, system monitoring and alarm systems that would detect when an ATM system has rebooted or has potentially been tampered with.