Disclosure of secrets that enable hackers to penetrate the ATM

Almost any ATM in the world could be vulnerable to security threats including, for example, illegal use or penetration, with or without the help of malicious software. According to research conducted by Kaspersky Lab experts, this is due to the widespread use of outdated and unsafe software, errors in network configuration, and the lack of security protection for vital parts of the ATM.

For many years, the biggest threat to ATM customers and owners was the espionage devices known as skimmers: special hardware attached to ATMs to steal data from the magnetic stripe of bank cards. However, with the development of malware methods and techniques, ATMs have become exposed to more risk. In 2014, Kaspersky Lab researchers discovered Tyupkin, one of the known examples of ATM-targeting malware deployed on a large scale. In 2015 the company's experts discovered the Carbanak gang, which was capable of launching attacks on ATMs by exploiting security gaps in the banking infrastructure. Those two malicious gangs were able to succeed in launching attacks by exploiting many of the common security holes in ATM technology and in the infrastructure that supports it. These are only simple examples of more complex operations.

In an attempt to map all ATM security issues, penetration testing professionals at Kaspersky Lab conducted a research study based on the investigation of real attacks and on the results of ATM security assessments at a number of international banks.

Based on the results of this study, the experts demonstrated that malware attacks targeting ATMs are possible as a result of a number of security issues. The first is that all ATMs are computers running very old operating system versions, such as Windows XP. This makes them susceptible to malware that targets PCs and to attacks that exploit undiscovered security holes.

In most of these cases, the special software that allows the computer inside the ATM to interact and communicate with the banking infrastructure, and with the hardware units responsible for completing cash and credit card transactions, is based on the XFS standard. This is a rather old and unsafe technical specification, originally established to standardize ATM drivers so that they can run on any device, regardless of manufacturer. Once malicious code successfully penetrates an ATM, it quickly gains almost unlimited capabilities for controlling that ATM. For example, it can turn the PIN pad and card reader into a native skimmer inside the device, or withdraw all the funds in the ATM immediately upon receiving a command from the attackers.

In many cases observed by Kaspersky Lab researchers, the criminals did not need to use malware to infect the ATMs or the bank network associated with them. This was possible because of the lack of security protection for the ATM itself, which is a very common issue for these devices. In most cases, ATMs are also designed and installed in a way that allows any third party easy access to the computer installed inside the ATM, or to the network cable that connects the device to the Internet. With even partial physical access to the ATM, attackers could do the following:
Install a small computer programmed for a specific purpose (known as a black box) inside the ATM, which in turn gives the attackers remote control of the ATM.
Reconnect the ATM to the attackers' fake processing center.

A fake processing center is software that processes payment data and is nearly identical to the bank's software, even though it does not belong to the bank. Once the ATM is connected to a fake processing center, the attackers can issue any command they want, and the ATM carries out those commands.

Communication between the ATM and the processing center can be protected in different ways, such as a hardware or software VPN, SSL/TLS encryption, a firewall, or the MAC-authentication applied in xDC protocols. However, in most cases such security measures are not applied, and where they are applied, they are often configured incorrectly or are themselves vulnerable, which is only discovered during an ATM security assessment. As a result, the attackers do not need to change the device settings; they only need to exploit a security vulnerability in the network that connects the ATM to the banking infrastructure.

How to prevent targeted ATM hacking attacks

Olga Kuchetova, a security expert in the penetration testing department at Kaspersky Lab, said: "The results of our research indicate that despite the efforts being made by suppliers to develop ATMs supported by strong safety features, we find that there are many banks that are still using outdated and models safe enough, and this makes them totally ready to prevent hacker attacks, activists in the field to challenge all of the installed safety precautions on these devices. This is the reality today, which inflicts heavy financial losses on banks and their clients. From our perspective, this is the result of a wrong notion that has prevailed for a long time, which is that cyber criminals do not care about anything but launching electronic attacks against online banking channels. They are already well, but they are also focused increasingly on exploiting undiscovered security holes in ATMs, because direct attacks against these devices are the shortest way for them to rob real money."

Although the security issues mentioned above probably have a serious impact on a lot of ATMs all over the world, that does not mean solutions cannot be found. ATM manufacturers can reduce the risk of targeted attacks on ATMs by applying the following measures:
First, it is necessary to revise the XFS standard with a focus on safety, and to introduce two-factor authentication between hardware and software. This helps to reduce the risk of fraudulent withdrawal of funds through Trojan software and of attackers taking direct control of ATM units.
Second, it is necessary to apply the requirement of "authenticated dispensing" in order to exclude the possibility of attacks by fake processing centers.
Third, it is necessary to apply cryptographic protection and integrity control to the data sent between all units and computers installed inside ATMs.
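
A minimal sketch of the MAC-authentication and "authenticated dispensing" ideas described above, added here as an illustration and not taken from Kaspersky Lab, the XFS standard or any xDC protocol. The message fields, the shared-key handling and the `Dispenser` class are assumptions made for the example; it shows why a processing center that does not hold the bank's key cannot get a dispense reply accepted.

```python
import hashlib
import hmac
import json
import secrets


def mac(key: bytes, amount: int, nonce: str) -> str:
    """HMAC-SHA256 over a canonical encoding of the fields being authorized."""
    payload = json.dumps({"amount": amount, "nonce": nonce}, sort_keys=True)
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def authorize(key: bytes, request: dict) -> dict:
    """Processing-center side: approve a request by MACing it with the shared key."""
    return {**request, "mac": mac(key, request["amount"], request["nonce"])}


class Dispenser:
    """ATM side (hypothetical): dispenses only for a valid MAC over its own fresh nonce."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # (amount, nonce) of the one outstanding request

    def new_request(self, amount: int) -> dict:
        self._pending = (amount, secrets.token_hex(16))
        return {"amount": amount, "nonce": self._pending[1]}

    def accept(self, reply: dict) -> bool:
        pending, self._pending = self._pending, None  # nonce is single-use
        if pending is None:
            return False  # replayed or unsolicited reply
        amount, nonce = pending
        if reply.get("amount") != amount or reply.get("nonce") != nonce:
            return False  # altered amount or stale nonce
        expected = mac(self._key, amount, nonce)
        return hmac.compare_digest(expected.encode(), str(reply.get("mac")).encode())


def demo() -> dict:
    bank_key = secrets.token_bytes(32)   # constructed key shared by bank and ATM
    rogue_key = secrets.token_bytes(32)  # a fake center does not hold bank_key
    atm = Dispenser(bank_key)
    good = authorize(bank_key, atm.new_request(100))
    results = {"genuine": atm.accept(good), "replay": atm.accept(good)}
    results["fake_center"] = atm.accept(authorize(rogue_key, atm.new_request(100)))
    tampered = {**authorize(bank_key, atm.new_request(100)), "amount": 5000}
    results["tampered"] = atm.accept(tampered)
    return results
```

The check is only as strong as the key storage: if the key sits on the same PC that malware can reach, the dispenser-side verification has to live in the hardware unit itself.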

 
