ATM can be hacked by just drilling a hole
ATMs have always had a target painted on their backs. Just last year, over a dozen locations across Europe were hacked as well as attacks across Taiwan, Thailand and Pakistan were reported. Its no surprise therefore, when we say ATM security is a very real and serious concern that is looked into by a host of security firms. A security expert from Positive Technologies, in this quest of better security has unveiled another loophole that can be exploited to hack an ATM – drilling a hole.
A literal security loophole
Leigh-Anne Galloway has claimed that an ATM can be hacked by means of a hole drilled in the front section of an ATM- near the keypad. She stated “It’s just a safe with a computer on top ” and therefore, are vulnerable to the same threats a safe is. To top off that , most machines run on outdated Windows XP.
All a hacker needs to do, is drill a hole in the front of the machine and expose a USB cable. Once exposed, a hacker can gain access to the software running on the machine. Moreover, If a hacked machine collects an individual’s card details , the data can be spread across the entire network and money can be withdrawn from multiple locations with the bank customer being none the wiser.
Ms. Galloway has demonstrated her claims by hacking an ATM manufactured by Georgia based company – NCR – the world’s largest ATM maker and considered to be reliable and secure. The attached video only shows the process by which a user can access a USB port, the rest is not shown for security reasons. As seen, the process takes just around a minute. She also added that the system can then also be infected with malware thus, affecting every user of the machine from that moment onwards.
What a normal user can do to avoid this, is to use an ATM that is under constant surveillance – possibly one installed inside or around a bank’s premises. NCR on its side has urged banks to “stay current with all security defenses, operating system upgrades, and industry recommendations.” Regarding the security of their own machines, NCR had this to say, “We help our customers prevent attacks, and help them to assess and improve their security infrastructure,”
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.