The many security problems of ATMs
Posted on 11 October 2013.
As useful as they are, ATMs are also very vulnerable to tampering and attacks from individuals looking for money.

eWeek reports that at the SecTor security conference held this week in Toronto, Canada, Trustwave senior consultant John Hoopes provided insight into the attacks that are frequently executed against Point of Sale (POS) systems and ATMs, and the things defenders can do to prevent them.

When it comes to ATMs, the problems are many, he says. If the power cord for the machine is reachable, an ATM can easily be unplugged and plugged in again in order to make it reboot and show which OS is running.

More often than not, it is Windows XP, and usually unpatched. In fact, Hoopes discovered that many ATMs are still vulnerable to years-old flaws that Microsoft patched ages ago. Obviously, the technicians installed the OS when the machine was put into use, and haven't touched it since.

A great number of ATMs are also running in administrator mode, making an attack even easier to execute. Also, when it comes to ATM software, the code is rarely, if ever, obfuscated, and potential attackers can find it trivial to reverse-engineer it and search for exploitable flaws.

Allowing random individuals physical access to the power and network cords that feed ATMs should be a big no-no. First, because of the aforementioned possibility of rebooting the machine, and second, because attackers can insert a device between the ATM and the network to sniff and manipulate the data traffic, which is often unencrypted, and occasionally not encrypted as well as it should be.

All of these problems can be solved relatively easily by ATM manufacturers and vendors if they make a concerted effort. Hoopes points out that they should also be thinking about good locks for the ATM cabinets, cable protection solutions, and system monitoring and alarm systems that would detect when an ATM system has rebooted or has potentially been tampered with.
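
One way to implement the reboot detection mentioned above, as an added example that is not from the talk or the original article: a check over Windows System-log boot events (6005 log service started, 6006 clean stop, 6008 previous shutdown unexpected) collected from a fleet. The host names, sample records, maintenance window and downtime threshold are assumptions constructed for illustration, and the first boot in a truncated log will be reported as unclean.

```python
from datetime import datetime

# System-log event IDs written by the Windows "EventLog" source.
EVT_START, EVT_CLEAN_STOP, EVT_UNEXPECTED = 6005, 6006, 6008

MAINT_HOURS = range(1, 5)  # assumption: planned reboots happen 01:00-04:59
MAX_DOWN_SECONDS = 600     # assumption: a planned reboot takes under 10 min

# Constructed sample records: (host, local timestamp, event ID).
SAMPLE = [
    ("ATM-001", "2013-10-08T02:10:00", 6006),
    ("ATM-001", "2013-10-08T02:12:30", 6005),
    ("ATM-002", "2013-10-09T14:41:07", 6005),
    ("ATM-002", "2013-10-09T14:41:09", 6008),
    ("ATM-003", "2013-10-09T03:05:00", 6006),
    ("ATM-003", "2013-10-09T19:30:00", 6005),
    ("ATM-004", "2013-10-10T15:00:00", 6006),
    ("ATM-004", "2013-10-10T15:02:00", 6005),
]

def reboot_alerts(records):
    """Return (host, boot time, reason) for each boot that looks unplanned."""
    by_host = {}
    for host, ts, event_id in records:
        by_host.setdefault(host, []).append((datetime.fromisoformat(ts), event_id))
    alerts = []
    for host, events in sorted(by_host.items()):
        events.sort()
        clean_stop = None  # last clean shutdown not yet matched to a boot
        for when, event_id in events:
            if event_id == EVT_CLEAN_STOP:
                clean_stop = when
            elif event_id == EVT_START:
                # 6008 is logged during the boot that follows a power cut.
                unexpected = any(e == EVT_UNEXPECTED and abs((t - when).total_seconds()) <= 60
                                 for t, e in events)
                if unexpected or clean_stop is None:
                    reason = "boot after unclean shutdown"
                elif (when - clean_stop).total_seconds() > MAX_DOWN_SECONDS:
                    reason = "offline longer than a planned reboot"
                elif when.hour not in MAINT_HOURS:
                    reason = "reboot outside maintenance window"
                else:
                    reason = None
                if reason:
                    alerts.append((host, when.isoformat(), reason))
                clean_stop = None
    return alerts

if __name__ == "__main__":
    for alert in reboot_alerts(SAMPLE):
        print(*alert, sep="  ")
```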

