Tuesday, November 19, 2013

ATM Malware


A group of ATM cash machines in Mexico was recently targeted by new samples of malware known as Ploutus. This was part of an attack that allowed hackers to remotely manipulate the denominations of money dispensed by the ATMs at these locations.

While this new type of attack against ATMs poses a serious risk of fraud, experts consider skimming the bigger danger. Skimming is nothing more than copying private user data from the magnetic stripe of the card. Precautions should be taken against both immediate threats, they say.

Most problems that compromise ATM security stem from insufficient physical and network security. If the locks used on the ATM platform are easy to break, or network connections fail to encrypt transaction data, the data of the credit card's owner will be at risk.

It has been proven that the locks used on ATMs are still not enough to physically protect the devices. In some situations, alarms do not go off when the machines are opened, so a machine could be altered and no one would know. We tried a lot of different ATMs and other point-of-sale devices, and we still see lots of traffic that is also unencrypted.


But new malware attacks could mean a change in the way these platforms are attacked. "I think malware is a far more dangerous and potentially harmful crime. While technology exists that can be applied to protect against skimming attacks, or we can educate the client to adopt a safe environment for their transactions, malware is hidden and out of our control."

ATM and POS (Point-of-Sale) services at risk

ATM Exchange's research covers a number of different ATM makes, models and operating systems. Regardless of brand, ATM Exchange concludes that a number of ATMs are susceptible to remote attacks, such as those found in Mexico, caused by poor computer security and/or a lack of data encryption for transaction protocols such as NDC and 912.

In their tests, the experts were able to alter the transaction without requiring physical access to the device. They only needed to know the type of network on which the ATM was operating. Although the vulnerabilities ATM Exchange detailed in its study appear to be different from those exploited in the Mexico case, the company's specialists conclude that these recent threats could produce similar results.

The attacks in Mexico began with an initial physical attack: ATMs were infected by inserting CDs containing the Ploutus malware into their optical drives.

In most cases, the malware used against POS devices is simply generic malware (with the ability to analyze memory). In this case, the malware can also transfer funds and even control the type of banknotes dispensed.

There was also a special code required to activate the GUI (graphical user interface) in the malware. The malware may have been designed for the ATMs used by a specific bank, but other banks are also at risk. The good news, so to speak, is that this attack requires physical access to the device, which would limit the scope of the attacks to self-standing or standalone units.