MOSCOW (Sputnik) – Most cash terminals (automated teller machines or ATMs) have vulnerabilities that hackers can use to gain access to them, and absolutely all ATMs can be used by hackers to steal customer card data, a study by Moscow-based cyber security firm Positive Technologies revealed on Wednesday.
“When conducting security analysis, we identify vulnerabilities related to network security, configuration flaws, insufficient protection of peripherals. Together, these flaws allow attackers to steal money from an ATM or to steal bank card data. At the same time, the security mechanisms used are not a serious obstacle to the implementation of attacks: in almost all cases, the possibility of circumventing the installed means of protection was revealed,” the study said.
The company chose 26 ATMs manufactured by NCR, Diebold Nixdorf and GRGBanking in its study, with each of the ATMs having a unique configuration.
The study revealed that the types of attacks on the same ATM model differed depending on the type of connection to the processing centre, the installed software, the protection measures used and other specific parameters.
According to the study, 100 per cent of ATMs is vulnerable to hackers trying to intercept bank card data. To conduct such an attack, hackers need physical access to the service area or to the ATM network, and 15 minutes of time. As a result, hackers can copy data from a magnetic strip on cards during data transfer between the ATM and the processing centre or between the operating system of the ATM and the card reader.
The Positive Technologies’ study also revealed that about 92 per cent of ATMs do not have an adequate level of protection against another method of attack — connecting to ATM’s hard disk drive. If an attacker manages to connect to an ATM in this way, he will be able to write a malicious program to the hard drive allowing him to bypass or disable the security tools.
In addition, about 85 per cent of ATMs are vulnerable to network attacks, the firm said. Its experts have revealed that hackers could interfere in the conduct of ATM transactions, for example, requesting to issue a large amount of cash. About 69 per cent of ATMs remain vulnerable to black box attacks when attackers connect to an ATM dispenser to send a command to issue cash, the study noted.
Sourse: sputniknews.com