ATM security still running Windows XP
New study reveals ATM security is mostly for show
New research from Positive Technologies has revealed that ATM machines are vulnerable to a number of basic attack techniques that could allow hackers to steal thousands in cash.
The company's researchers studied over two dozen different models of ATMs and discovered that almost all of them are vulnerable to network or local access attacks that would allow hackers to obtain money from them illegally.
Positive Technologies' study had its researchers try to penetrate 26 machines from various manufacturers and service providers.
The researchers found that 15 of the ATMs were running Windows XP, 22 were vulnerable to a “network spoofing” attack, 18 were vulnerable to 'black box' attacks, 20 could be forced to exit kiosk mode via USB or PS/2 and 24 had no data encryption in place on their hard drives.
Protection for show
Despite the large amount of funds held by ATMs, the researchers found that the protections used by the machines to prevent theft and tampering were basically for show and anyone motivated to do so could gain access to a machine in under an hour.
Positive Technologies offered further details on the findings of its study, saying:
"More often than not, security mechanisms are a mere nuisance for attackers: our testers found ways to bypass protection in almost every case. Since banks tend to use the same configuration on large numbers of ATMs, a successful attack on a single ATM can be easily replicated at greater scale."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The report recommends that banks improve the physical security of the machines themselves by limiting access to their inputs. This could prevent many of the techniques used in the study from being carried out by real world hackers.
Via The Register
- Also check out the best antivirus
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.