Carders can contaminate a machine without having to access it physically. As per the findings of information security firm Group-IB, ATMs located in at least a dozen European countries were attacked remotely. Countermeasures against such attacks include the use of antivirus suites, disabling firmware updates, blocking USB ports, and hard drive encryption.
Tech-savvy carders now use what are called black boxes to rob ATMs. These are tiny single-board computers, something like a Raspberry Pi, programmed to perform a specific task. To bankers, a black box appears to drain an ATM of all its cash in an entirely mystical way. The carders remove the core functionality from the black box itself and connect a smartphone to it, which issues the commands remotely over IP.
Later on, several people who look just like regular customers come up to the ATM and withdraw huge amounts of money. Then, the carder returns and takes his tiny device out of the machine. The black box heist is typically unearthed a couple of days later when the bank discovers a discrepancy between the empty vault and the cash withdrawal log.
In the aftermath of this, there is hardly anything the bank officials can do except scratch their heads. A carder circumvents the host by connecting to a port of a peripheral device and issuing commands to it directly. Meanwhile, the proprietary protocols used for communication between the host and the peripherals engage no authorization mechanisms whatsoever, because the devices are embedded in the trusted area anyway.
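As an added illustration that is not part of the original text, the following Python sketch shows the piece the paragraph above says is missing: a host-to-dispenser command carrying an HMAC-SHA256 tag and a strictly increasing counter, so that a device spliced onto the peripheral cable can neither forge a dispense command without the key nor replay a captured one. The frame layout, key, and function names are assumptions for illustration, not a real vendor protocol.

```python
import hashlib
import hmac
import struct

# Constructed, illustrative key. In a real deployment it would be provisioned
# into the dispenser firmware and never be readable from the host's port.
SHARED_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
TAG_LEN = 32  # HMAC-SHA256 output size


def build_dispense_command(key: bytes, counter: int, cassette: int, notes: int) -> bytes:
    """Host side. Frame = counter(8) | cassette(1) | notes(2) | HMAC-SHA256 tag(32).
    The counter increases with every command, so a captured frame is single-use."""
    body = struct.pack(">QBH", counter, cassette, notes)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_dispense_command(key: bytes, state: dict, frame: bytes) -> tuple:
    """Dispenser side. Returns (accepted, reason). state['last_counter'] holds the
    highest counter already executed, so a replayed or re-ordered frame is refused."""
    if len(frame) != 8 + 1 + 2 + TAG_LEN:
        return False, "malformed"
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return False, "bad tag"                   # forged or tampered frame
    counter, _cassette, _notes = struct.unpack(">QBH", body)
    if counter <= state["last_counter"]:
        return False, "replay"                    # this or an older counter was used
    state["last_counter"] = counter
    return True, "accepted"


def demo() -> list:
    """Runs three scenarios and returns the dispenser's verdict for each:
    a genuine command, the same frame replayed, and a frame altered on the wire."""
    state = {"last_counter": 0}
    genuine = build_dispense_command(SHARED_KEY, 1, 1, 20)
    results = [verify_dispense_command(SHARED_KEY, state, genuine)]      # legitimate
    results.append(verify_dispense_command(SHARED_KEY, state, genuine))  # replayed
    # A device on the cable without the key can change the note count but not re-sign it.
    tampered = bytearray(genuine)
    tampered[9:11] = struct.pack(">H", 200)
    results.append(verify_dispense_command(SHARED_KEY, state, bytes(tampered)))
    return results
```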
The fact that these protocols are unsecured makes them low-hanging fruit for data interception and replay attacks.

These machines were built before the ability to reload software via an SD card was implemented; loading software on these machines must be done via a specialized program. The board can be sent in to ATMequipment. With the vault door open, power on the machine while holding down F1 and F2, the top two function keys on the left side of the screen.
The ATM will go through part of its boot sequence and should come up to a screen asking you to confirm that you want to reset passwords. Select yes. The ATM will reboot, and when it comes back up, the operator function passwords will be reset to default. This will clear out all of your programming. Allow the machine to go through its boot sequence.

In experimenting with the flaw, So and Keown wrote shellcode and sent a malicious payload to the ATM. Hackers able to do the same could point a vulnerable ATM at a hacker-controlled server, which could allow them to steal sensitive customer information, such as credit card numbers or even PINs, So and Keown told CyberScoop.
And although Nautilus has issued a fix, there is always the chance that many machines still remain vulnerable, the researchers told CyberScoop. Generally speaking, ATMs are also a perennial target for hackers sponsored by the North Korean government, according to the U.S. Department of the Treasury.

When you use an ATM, it's in "kiosk mode" and you can't switch to another application. But if you plug in a keyboard, or a Raspberry Pi set up to act like a keyboard, you can use the ATM like a regular computer. Exiting kiosk mode won't cough up the cash, but using a keyboard makes it a whole lot more convenient to run malicious commands on the ATM.
Since more than half the machines examined ran Windows XP, an operating system with many known vulnerabilities, this wasn't always hard. The researchers also found that two machines ran digital video recorder applications in the background to record customer activity. Once out of kiosk mode, the Positive Technologies team brought up the hidden DVR windows by moving the mouse cursor to a corner of the screen.
Then they could use the DVR application to erase security footage. Most of the ATMs ran security applications to prevent installation of malicious software. Four of those applications themselves, including two made by McAfee and Kaspersky Lab, had security flaws of their own.
Another security application stored an administration password in plaintext. Once you change the security application's settings, you can connect directly to the ATM's hard drive to add malicious programs if the drive isn't encrypted. The researchers could do this to 24 of the 26 ATMs examined.