A high-tech criminal group in Europe has been infecting ATMs (cash machines) with malware, and then completely emptying the machines without a trace. The group has not yet been caught and the attacks continue — and thus very few details have been released — but we assume that they’ve already made off with millions of pounds/euros. The best bit: The hack is carried out by plugging an infected USB stick into ATMs that run Windows XP. Not many people know this, but most of the world’s ATMs run some flavor of Windows. In the olden days, it wasn’t too unusual to find an ATM that had crashed with a blue screen of death (BSOD), and to this day it’s still fairly common to hear the standard Windows “ding” when interacting with an ATM. A conventional ATM might consist of a standard Windows XP PC (or perhaps XP Embedded), connected to a display, a secure keypad, cryptoprocessor, various other bits of hardware, and of course the vault (where the money is stored). The ATM boots up normally, then launches into a full-screen program that manages all of the tasks that a customer might want to carry out. Unfortunately, just like your Windows PC, some ATMs also have USB sockets — and just like your PC, some ATMs will automatically boot whatever’s plugged into the USB socket. The USB socket is hidden behind the ATM’s fascia, but it can be revealed if you know where to cut — and once you’ve loaded the malware on, you can easily cover up the hole. If you have knowledge of the ATM’s software, it’s possible to use malware to inject new features, or disable existing ones. In a word, once you’ve infected the ATM, it’s fairly easy to steal its money with complete impunity. You may have noticed that we’re talking in generalities here — but that’s because it’s all we have. Two German researchers, who have asked to remain anonymous, were contacted by the European bank that had discovered this attack earlier in the year. They analyzed the disk image of an infected cash machine, and worked out that the high-tech criminals must’ve reverse-engineered the ATM’s client software and injected a new menu. When triggered by a code entered on the keypad, the menu gives the criminals direct access to the ATM’s cash-dispensing functions. ”For sure, they had to have a profound knowledge of ATMs,” said one member of the research team. “Most likely they actually had one to test. Either they stole one and reverse engineered the cash client, or most likely, they had someone on the inside.” As you can imagine, given the fact that most ATMs are powered by Windows XP, this isn’t exactly a new attack vector. According to Wired, some banks have upgraded their ATMs to prevent them from booting from external USB drives. This particular attack only affects the cash machines of a sole (undisclosed) bank in Europe, and the researchers say that the malware doesn’t appear to harvest customer PINs or other sensitive data. Basically, they install the malware, wait for the machine to be refilled with cash, and then empty the machine out — presumably in the middle of the night, as it takes quite a while to withdraw thousands of bills. Moving forward, there isn’t a whole lot banks can do, except for upgrade their ATMs — but, as you can imagine, that’s a slow and expensive task. The upgrades filter out slowly, too, so while the ATMs in Berlin might be safe, ATMs deployed in developing countries might take a lot longer to be updated. The only saving grace is that developing a hack like this requires a lot of time and expertise — but considering the attack appears to be untraceable, and can be used repeatedly to accrue millions of euros/dollars, it’s probably worth it. Some other operating systems, including Linux, are used by ATMs, but it’s mostly a Windows-dominated market.
GMT 05:16 2016 Tuesday ,09 August
Researchers reach important milestone in quantum computer developmentGMT 21:03 2016 Monday ,08 August
Symantec: New spyware detected targeting firms in Russia, ChinaGMT 09:15 2016 Wednesday ,01 June
Microsoft wants Windows to open into mixed realityGMT 08:18 2016 Thursday ,21 April
Intel gambit aims for position in post-PC worldGMT 08:21 2016 Saturday ,16 April
US advises deleting QuickTime from Windows computersGMT 11:00 2015 Sunday ,25 October
All versions of Windows affected by critical security flawGMT 10:29 2015 Sunday ,25 October
Adobe releases emergency patch for Flash zero-day flawGMT 11:44 2015 Wednesday ,07 October
Microsoft unveils first laptop, Windows 10 smartphonesMaintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Send your comments
Your comment as a visitor