Scribd Logo
Upload

Welcome to Scribd!

  • 46 views

    Hack For Free Cash: ATMs Take Just 20 Minutes To Crack

    Uploaded by

    karmeniemiolli99
    Hackers were able to hack into and access 85% of ATMs within just 20 minutes by exploiting vulnerabilities in the machines' network security, peripheral security, and configurations. Researchers from Positive Technologies were able to run arbitrary code, escalate privileges, and disable security mechanisms on ATMs from several major manufacturers to withdraw cash without authorization. The quickest attacks took just 10 minutes and involved drilling a hole in the ATM case to access internal cables. Proper network security, updated software, and physically securing ATM cabinets could help reduce such cyberattacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Hack For Free Cash: ATMs Take Just 20 Minutes To Crack

    Uploaded by

    karmeniemiolli99
    46 views6 pages
    Hackers were able to hack into and access 85% of ATMs within just 20 minutes by exploiting vulnerabilities in the machines' network security, peripheral security, and configurations. Researchers from Positive Technologies were able to run arbitrary code, escalate privileges, and disable security mechanisms on ATMs from several major manufacturers to withdraw cash without authorization. The quickest attacks took just 10 minutes and involved drilling a hole in the ATM case to access internal cables. Proper network security, updated software, and physically securing ATM cabinets could help reduce such cyberattacks.

    Original Description:

    Atm hacking

    Original Title

    Hack for Free Cash: ATMs Take Just 20 Minutes to Crack

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Hackers were able to hack into and access 85% of ATMs within just 20 minutes by exploiting vulnerabilities in the machines' network security, peripheral security, and configurations. Researchers from Positive Technologies were able to run arbitrary code, escalate privileges, and disable security mechanisms on ATMs from several major manufacturers to withdraw cash without authorization. The quickest attacks took just 10 minutes and involved drilling a hole in the ATM case to access internal cables. Proper network security, updated software, and physically securing ATM cabinets could help reduce such cyberattacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    46 views6 pages

    Hack For Free Cash: ATMs Take Just 20 Minutes To Crack

    Uploaded by

    karmeniemiolli99
    Hackers were able to hack into and access 85% of ATMs within just 20 minutes by exploiting vulnerabilities in the machines' network security, peripheral security, and configurations. Researchers from Positive Technologies were able to run arbitrary code, escalate privileges, and disable security mechanisms on ATMs from several major manufacturers to withdraw cash without authorization. The quickest attacks took just 10 minutes and involved drilling a hole in the ATM case to access internal cables. Proper network security, updated software, and physically securing ATM cabinets could help reduce such cyberattacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    Receive our newsletter - data, insights and analysis delivered to you 

    TECHNOLOGY  CYBERSECURITY November 16, 2018

    Hack for Cash: ATMs Take Just 20 Minutes to


    Crack
    “Sometimes the modem is located outside of the ATM cabinet, so an attacker would
    not even have to open up the ATM in order to perform modifications”

    By CBR Staff Writer

       

    A staggering 85 percent of ATM cash machines can be hacked and


    tricked into dispensing free cash within just 20 minutes, a new report
    warns.

    Bank security experts Positive Technologies described in a report this


    week a number of successful attempts to gain access to an ATMs
    operating system.

    They targeted ATMs belonging to GRGBanking, NCR and Diebold Nixdorf


    and found four main vulnerabilities categories: insuf cient network
    security; insuf cient peripheral security; improper con guration of
    systems or devices; and vulnerabilities within the con guration of the
    application control.
    The team’s researchers wrote in their report that due to the insuf cient
    network security a criminal with access to the ATM network can “target

    available network services, intercept and spoof traf c, and attack
    network equipment.”

    “Criminals can also spoof responses from the processing center or


    obtain control of the ATM.”

    VIEW ALL NEWSLETTERS 

    Sign up to our newsletters


    Data, insights and analysis delivered to you
    BY THE TECH MONITOR TEAM

    SIGN UP HERE

    Image: Positive Technologies Report

    Content from our partners

    Green for go: Transforming trade in the UK


    Manufacturers are switching to personalised
    customer experience amid fierce competition

    How many ends in end-to-end service orchestration?

    ATM Vulnerabilities

    They found that 58 percent of the ATMs tested were at risk to threat
    actors breaching the network through poor cybersecurity practices, such
    as out of date software and weak rewall protection.

    Through the vulnerabilities CVE-2017-8464 and CVE-2018-1038 they


    could enable remotely running arbitrary code and subsequently
    escalating privileges; this resulted in the ability to “disable security
    mechanisms and control output of banknotes from the dispenser.”

    Hit it Hard

    By far the most successful type of attack was a direct hack of the ATM
    itself, although this required physical access.

    If the attacker is able to manipulate the ATM so that they can unplug the
    Ethernet cable and connect a device, they are then able to conduct
    attacks on the network service or man-in-the-middle attacks.

    This method worked 85 percent of the time on the tested ATMs with the
    researchers nding that: “Sometimes the modem is located outside of
    the ATM cabinet, so an attacker would not even have to open up the ATM
    in order to perform modi cations.”
    See Also: Magecart’s 7 Groups: Hackers Dropping Counter-Intelligence Code
    in JavaScript Skimmers

    The quickest method is also the loudest, Positive Technologies carried
    out Black Box attacks which only took 10 minutes to obtain cash from the
    machine.

    A Black Box attack is done by drilling a hole in the side of the ATM case to
    gain access to the cables connecting the ATM cash box to the ATM OS. A
    ready made tool is then connected to the ATM letting the threat actors
    withdraw as much cash as they like.

    Image: Positive Technologies Report

    In concluding, the researchers note that cyberattacks on ATMs will


    decrease as preventive methods such as up to date software and good
    decrease as preventive methods such as up to date software and good
    practice are carried out.

    However, they state that the rst step that needs to be done is to: 
    “Physically secure the ATM cabinet and surroundings. Exploiting most of
    the vulnerabilities we found would be impossible without access to the
    on-board computer and peripheral ports.”

    Topics in this article : atm , Diebold Nixdorf , GRGBanking ,


    Homepage News List , NCR , Positive Technologies , Sidebar Most Read

       

    CBR Staff Writer


    CBR Online legacy content
    Receive our newsletter - data, insights and analysis delivered to you 

    View all newsletters  

    Tech Monitor

    Home About us Newsletters Privacy Policy Terms and conditions

    Advertising & Partnerships Contact us

    Social

      

    Navigating the horizon of business technology.


    © COPYRIGHT 2024 NEW STATESMAN MEDIA GROUP LTD.

    Powered by

    Websites in our network

    You might also like