ATM security still running Windows XP | Computing
The company’s researchers studied over two dozen different models of ATMs and discovered that almost all of them are vulnerable to network or local access attacks that would allow hackers to obtain money from them illegally.
Positive Technologies’ study had its researchers try to penetrate 26 machines from various manufacturers and service providers.
The researchers found that 15 of the ATMs were running Windows XP, 22 were vulnerable to a “network spoofing” attack, 18 were vulnerable to ‘black box’ attacks, 20 could be forced to exit kiosk mode via USB or PS/2 and 24 had no data encryption in place on their hard drives.
Protection for show
Despite the large amount of funds held by ATMs, the researchers found that the protections used by the machines to prevent theft and tampering were basically for show and anyone motivated to do so could gain access to a machine in under an hour.
Positive Technologies offered further details on the findings of its study, saying:
“More often than not, security mechanisms are a mere nuisance for attackers: our testers found ways to bypass protection in almost every case. Since banks tend to use the same configuration on large numbers of ATMs, a successful attack on a single ATM can be easily replicated at greater scale.”
The report recommends that banks improve the physical security of the machines themselves by limiting access to their inputs. This could prevent many of the techniques used in the study from being carried out by real world hackers.
Via The Register