For almost any ATM in the world you can gain illegal access and pay him the money – with the help of malicious software, or without. This is possible due to the use of outdated and insecure software errors in the network configuration and the lack of physical security of critical parts of the ATM.
For many years, the greatest threat to clients and owners of ATMs were called. skimmers – special equipment trailed to an ATM to steal data from the magnetic stripe bank card. However, with the evolution of harmful techniques ATMs faced with higher risks. In 2014. Researchers from Kaspersky Lab detected a threat Tyupkin – one of the first known examples of malware targeting ATMs, whereas in 2015. Carbanak identified the gang that could, among other things, empty ATMs by breaking into bank infrastructure. Both attacks were possible thanks to a number of common weaknesses in ATM technology and infrastructure that supports them. Unfortunately, this is only the tip of the iceberg.
In order to identify all safety issues ATMs, experts specializing in penetration testing conducted a study based on the investigation, including actual attacks, and the results of the safety assessment of ATMs for several international banks.
In the study, experts have demonstrated that attacks on ATMs using malware are possible due to a number of problems concerning. Security. The first is that all ATMs are computers running very old versions of operating systems such as Windows XP. This makes them vulnerable to infection with malware created with the aim of computers and attacks via exploits (threats that use vulnerabilities in systems and software installed).
In most cases, the software that allows your computer to interact with the ATM infrastructure, banking and hardware devices, as well as the processing of cash and credit cards, based on the XFS standard. It is an old and devoid of robust security technology specification, developed to standardize the software ATMs, so that it can run on any hardware – regardless of manufacturer. If the malware manages to infect a teller, will gain almost unlimited possibilities in terms of control of this device: it will be able to take over the panel for entering PIN codes and card reader, or simply withdraw money at an ATM located at the behest of the attacker.
How do criminals?
In many cases observed by researchers from Kaspersky Lab, the criminals do not have to use malicious software to infect ATM or the network of the bank, with which the device connects. Everything should be the lack of physical security alone ATMs. Often ATMs are designed and installed in such a way that a third party easy access to the inside a computer or network cable connecting the machine to the Internet. Obtaining even partial physical access to the ATM, criminals could potentially:
– installed inside the ATM specially programmed microcomputer (ie. Black box), which allow criminals to remotely access an ATM
– connect the ATM to fake the center of processing financial information.
After switching the ATM to the false processing center, the attacker can issue any command, and the device obediently them realize.
How to protect yourself before skimmingiem?
– use ATMs that are not located in bank branches, preferably in the middle under the watchful eye of the camera
– check if the elements of its construction is not they look suspicious. Does the reader where the card is placed similarly fails if the panel with which we introduce the PIN is secure. All elements of the impression of “stuck on” may indicate tampering with the device,
– cover panel when entering our PIN,
– if the keyboard “springs” with entering the PIN, you should immediately stop typing our 4-digit code,
– if you do not use chip card – be sure to replace the existing card on the card with the chip.