SoylentNews

Fnord666 [soylentnews.org] writes:

Attackers are using drills to physically compromise ATMs so that they can steal thousands of dollars from the financial institutions operating them.

In the fall of 2016, a bank client revealed one of their ATMs that attackers had emptied to Kaspersky Lab. The only indication of physical tampering was a golf ball-sized hole someone had drilled into the machine next to the PIN pad. Law enforcement later arrested a suspect and found a laptop and cable in their possession.

These discoveries piqued the curiosity of Igor Soumenkov, a researcher at the Russian security firm. He said so at the company's annual Kaspersky Analyst Summit. As quoted by WIRED [wired.com]:

"We wanted to know: To what extent can you control the internals of the ATM with one drilled hole and one connected wire? It turns out we can do anything with it. The dispenser will obey and dispense money, and it can all be done with a very simple microcomputer."

To get to the bottom of Soumenkov's question, Kaspersky's researchers transported the same ATM model to their lab and removed the machine's front panel to look inside. They found a wire that connected all the ATM's components, from the user interface to the cash dispenser. From their subsequent analysis, they also identified only a weak XOR cipher and no suitable authentication protecting the communications exchanged between these components.

WIRED's Andy Greenberg puts this setup into perspective:

"In practical terms, that means any part of the ATM could essentially send commands to any other part, allowing an attacker to spoof commands to the dispenser, giving them the appearance of coming from the ATM's own trusted computer."

Source: Tripwire's "The State of Security" Blog [tripwire.com]

Original Submission