Edited by: Don Penven
From Wire Services
ATMs are plentiful these days. They first appeared at banks, some mounted on an outside wall near the front entrance and some were given a separate drive-through lane.
Now you’ll find ATMs in grocery and department stores, convenience stores, airports and restaurants. Where people are likely to need cash, an ATM will be nearby.
And maybe it’s the aroma of fresh 20-dollar bills that tempts others in need of a quick infusion of cash who hook up a chain to the machine and attempt to jerk it off the wall with a few tugs from their pickup truck. In fact ATMs have become sitting ducks for the rip and tear crowd—even when the devices are inside the building.
But ATMs are being sucked into the digital revolution too. Not content with just hacking into individual bank accounts, cyber crooks are looking toward scoring at an ATM.
As useful as they may be, ATMs are never-the-less vulnerable to both physical and cyber attacks.
At a recent security conference in Canada, senior cyber security consultant, John Hoopes, provided insight to conference attendees on attacks of Point of Sale systems and ATMs. “If the power cord for the machine is reachable, an ATM can easily be unplugged and plugged in again in order to make it reboot and show which Operating System is running,” Hoopes noted.
More often than not, the OS is Windows XP, and it is usually unpatched. In fact, Hoopes said that many ATMs are still vulnerable to years-old flaws that have been patched by Microsoft eons ago.
Many ATMs are also running in administrator mode,
making an attack even easier to execute. And the code of ATM software is
rarely, if ever, obfuscated, and potential attackers can find it simple to
reverse-engineer this code, and then search for obvious flaws.
Other preventative steps that may be taken:
- Do not allow physical access to the power and network cords that feed ATMs. First because of the aforementioned possibility of rebooting it, and…
- Secondly, because attackers can insert a device between the ATM and the network, and sniff out and manipulate the data traffic, which is often unencrypted or not encrypted as well as it could be.
All of these problems can be easily solved by ATM manufacturers and vendors if they make a concentrated effort. Hoopes points out that they should also be thinking about good quality locks for their ATM cabinets, cable protection solutions, system monitoring and alarm systems that would detect when an ATM system has rebooted or has potentially been tampered with.