Over several years, ATMs were jackpotted so many times with malware. They had various names, but equal possibility – malware based on financial applications standard. However, when banks tried to protect their ATMs from malware attacks, fraudster continued the cat-and-mouse game by ignoring the host and using different attack vectors. Malicious guys use so called “black boxes” to connect directly to dispenser to eject money. Such attacks circumvent all software protections on the host machine.
But host to dispenser is only one side. On the other side, we have all kinds of connections to the outer world. From X.25 to Ethernet and cellular networks. Thousands of ATMs can be attacked by MiTM-attacks called fake processing center. Or many of them can be identified with Shodan and then be attacked due to security misconfigurations, administrator laziness and lack of communication between different departments in banks.
In the course of our presentation, we won’t speak about XFS, different Typkins or plain old skimmers. We will concentrate on different aspects of network and internal security problems of ATMs. We will cover some basic controls that are already there and why they are important, as well as we will provide some advices to be implemented. Remember, trust zone – it’s not about ATMs!
We will continue our presentation from previous years and dig into technical details of attacks on ATMs produced by more wide spread vendors. Our presentation will concentrate on two aspects: network communications of ATMs with processing centers and communication of host with it’s peripherals. We will describe how attackers transform ATM into skimming device without any physical access to it or steal all money without any forensic evidence in ATM logs.
Olga Kochetova
Alexey Osipov