Updates on ATM Hacking Attacks

According to recent studies, it’s shockingly easy to hack ATMs and other electronic payment systems even in 2018. The information security company Positive Technologies examined eleven different NCR, Diebold Nixdorf, and GRG Banking ATM models in a total of 26 combinations and came to the conclusion that ATM security is a mess.

An ATM consists of a computer and a safe enclosed in a cabinet. The computer frequently runs Windows and has regular keyboard, mouse, and network inputs. The computer can be reached physically by opening the cabinet with a drill, lock pick, or key; one key can frequently open all units of a certain model.

The cash is kept in the safe, which is only accessible with the use of powerful tools or explosives. The cash dispenser is also directly tied to the safe. But Positive Technologies discovered that you could nearly always get cash or a customer’s ATM card information from the computer, its network connections, or the interface connecting the computer to the safe.

Before it can give a user cash, the ATM must communicate with a server at a distant transaction processing center using either a wired Ethernet connection or a mobile connection. Some of these connections are made directly, while others go over the internet. Not all of them, however, are encrypted.

The research stated that “Tested ATMs commonly had subpar firewall protection and inadequate protection for data sent between the ATM and processing center.”


Remote ATM attacks

As a result, not every attack required physical access to the equipment. Fifteen of the 26 ATMs failed to encrypt connections with processing servers, although some of them connected over Ethernet rather than wirelessly. Obtaining the card data then only requires tapping into the network traffic, whether wired or wireless.

Other models secured the traffic with flawed VPNs whose encryption could be broken. Some had known vulnerabilities in the network hardware or software that had not been patched and could also be used against them.

On a few devices, encryption keys stored in the modem firmware could be used to compromise the cellular connections to the processing servers. One system could be fully accessed through Telnet using the default administrator credentials, which were “root” for both the username and password. On the remote web interface of the same model, weak administrative credentials could also be brute-forced.

In both scenarios, it would be easy to trick the machines into accepting fake processing-server responses and dispensing a cash jackpot.

Physical but non-intrusive ATM attacks

Some ATM models had an Ethernet connector on the exterior of the cabinet, making it possible to unplug the Ethernet cable from the ATM and plug in a laptop that impersonated a processing server and instructed the ATM to dispense cash. Not all ATMs had patched known security issues in the network hardware or software, which could also be exploited.

Of course, lingering at an ATM long enough to carry out an attack isn’t always simple, although it might be less conspicuous at three in the morning. The report warned that a thief would need only 15 minutes to access the ATM’s network link to the processing center.

Opening up the ATM cabinet

If you unlock the cabinet and obtain entry to the computer’s input ports, you won’t be far from a monetary reward.

According to the study, “the majority of examined ATMs facilitated conveniently connecting USB and PS/2 devices.” It is possible for a thief to attach a keyboard or other device that simulates user input.

In normal use, an ATM runs in “kiosk mode,” which makes switching to other software impossible. Once a keyboard, or a Raspberry Pi set up to act as a keyboard, is connected, the ATM can be used exactly like a regular computer.

The research stated that using hotkeys made it easy to exit kiosk mode in every instance. These hotkeys were often common Windows shortcuts, such as Alt+F4 to close an active window or Alt+Tab to navigate between open apps.

Although exiting kiosk mode won’t release the money, having a keyboard makes it much easier to run harmful commands on the ATM. This wasn’t always difficult, because more than half of the devices inspected ran Windows XP, a 2001 operating system with numerous known security flaws.

The researchers also found that two machines ran digital video recorder applications in the background to record customer activity. Once out of kiosk mode, the Positive Technologies team brought up the hidden DVR windows by moving a mouse cursor to a corner of the screen. Then they could use the DVR application to erase security footage.

Installing malicious ATM software

The majority of the ATMs used security software to stop the installation of dangerous programs. Four of those programs had security issues of their own, including two produced by McAfee and Kaspersky Lab. Another security program stored an administrative password in plaintext.

If the security application’s settings can be changed and the ATM’s hard disk isn’t encrypted, it is possible to connect directly to the disk and install malicious software. The researchers were able to achieve this on 24 of the 26 ATMs they looked at. Such malware is pricey to purchase, with prices on internet criminal forums starting at $1,500; nevertheless, it can be used on one or more identical-model computers.

Alternatively, the ATM could simply be booted from a USB stick attached to its USB port. On seven devices, the BIOS boot order could be changed on the fly. That gives full access to the main hard disk of the ATM.

Unsafe mode

Simply restarting the computer into a debugging or safe mode frequently resulted in the jackpot.

On 88 percent of ATMs, it was possible to change the boot mode, according to the report. The testers were able to develop this attack further and eventually extract money in 42 percent of the cases.

Plugging in an ATM black box

In order to obtain cash, you don’t actually need to access the ATM’s computer. To make the safe’s cash dispenser spit out bills, you may swiftly connect a “black box”—a Raspberry Pi or other device running customized ATM diagnostic software—to the safe.

Supposedly to prevent this attack, the majority of ATM manufacturers encrypt connections between the ATM computer and the cash dispenser. However, five of the ATMs that Positive Technologies studied lacked any software defenses against black-box attacks, and 50% of them used subpar encryption that was easily cracked.

What You Must Know

Banking laws in the US shield consumers from responsibility for practically all types of ATM cash-grab crimes. Your only responsibility is to immediately notify your bank of the theft.

Positive Technologies claimed that by requiring that ATM manufacturers encrypt ATM hard drives, strongly encrypt communications with processing servers, upgrade machines to run Windows 10, disable common Windows keyboard commands, lock down BIOS configurations, use better administrative passwords, and, last but not least, make the ATM computers more difficult to physically access, the banking sector could reduce the amount of theft.

“Since banks tend to use the same configuration on large numbers of ATMs,” said the report, “a successful attack on a single ATM can be easily replicated at greater scale.”
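The recommendations above, turned into a fleet audit as an added example (not code from Positive Technologies or from the original article); the inventory field names and the sample records are assumptions constructed for illustration. It also groups units by identical failing configuration, since the report notes that one configuration is often shared across many ATMs.

```python
from collections import defaultdict

def unit(atm_id, os, disk, link, bios, default_creds, hotkeys_off):
    """Build one inventory record (hypothetical schema for this example)."""
    return {"id": atm_id, "os": os, "disk_encrypted": disk,
            "link_encryption": link, "bios_locked": bios,
            "default_admin_creds": default_creds,
            "kiosk_hotkeys_disabled": hotkeys_off}

# Constructed sample inventory, not data from the report.
FLEET = [
    unit("atm-001", "Windows XP", False, "none", False, True, False),
    unit("atm-002", "Windows XP", False, "none", False, True, False),
    unit("atm-003", "Windows 10", True, "strong", True, False, True),
    unit("atm-004", "Windows 10", True, "strong", False, False, True),
]

# One predicate per recommendation listed in the article; True means "finding".
CHECKS = {
    "disk_not_encrypted": lambda a: not a["disk_encrypted"],
    "weak_link_encryption": lambda a: a["link_encryption"] != "strong",
    "legacy_os": lambda a: a["os"] != "Windows 10",
    "hotkeys_enabled": lambda a: not a["kiosk_hotkeys_disabled"],
    "bios_unlocked": lambda a: not a["bios_locked"],
    "default_admin_creds": lambda a: a["default_admin_creds"],
}

def audit(fleet):
    """Map each ATM id to the sorted list of checks it fails."""
    return {a["id"]: sorted(name for name, failed in CHECKS.items() if failed(a))
            for a in fleet}

def exposure_by_config(fleet):
    """Group units that share the same set of findings, largest group first.

    A finding shared by many units is the one an attacker could replicate
    at scale, so it is the one to remediate first.
    """
    groups = defaultdict(list)
    for atm_id, failed in audit(fleet).items():
        if failed:
            groups[tuple(failed)].append(atm_id)
    return sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    for findings, ids in exposure_by_config(FLEET):
        print(f"{len(ids)} unit(s) {ids}: {', '.join(findings)}")
```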