ATM makers Diebold Nixdorf and NCR have fixed bugs like deposit forgery

Tomcat



The world's largest ATM makers, Diebold Nixdorf and NCR, have released software updates for their devices.

The problems found were deposit forgery vulnerabilities. CERT/CC experts say that such vulnerabilities are rare, but last year two such errors were found at once: Diebold Nixdorf fixed the CVE-2020-9062 bug affecting ProCash 2100xe ATMs running Wincor Probase, and NCR fixed the CVE-2020-10124 bug found in SelfServ ATMs running APTRA XFS.

Both of these vulnerabilities are almost identical. The root of the problem was that the ATMs did not authenticate, encrypt, or verify the integrity of messages sent between the cash acceptor and the host computer. As a result, an attacker who has physical access to connect to an ATM can fake these messages and artificially increase the amount of deposited cash when depositing funds.

As a rule, such attacks are accompanied by quick withdrawals of money. Usually they happen on weekends, or the attack is immediately followed by transactions to other banks; that is, the scammers try to profit from non-existent funds as quickly as possible, before the bank discovers the problem with the balance.
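The control whose absence is described above, as an added example that is not part of the original post and not either vendor's actual fix: the cash acceptor tags each deposit report with an HMAC and a counter, and the host rejects anything altered or repeated. The frame layout, class names and demo key are assumptions; encryption and key provisioning are out of scope here.

```python
import hashlib
import hmac
import struct

# Hypothetical frame: 8-byte counter | 4-byte deposited amount | 32-byte HMAC-SHA256 tag
BODY = struct.Struct(">QI")
TAG_LEN = hashlib.sha256().digest_size
DEMO_KEY = bytes(range(32))  # constructed sample key; real keys are provisioned per device


class FrameError(Exception):
    """Raised when a frame fails the length, authentication or freshness check."""


class AcceptorSender:
    """Cash-acceptor side: tags every deposit report with the shared key."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def report(self, amount: int) -> bytes:
        self._counter += 1
        body = BODY.pack(self._counter, amount)
        return body + hmac.new(self._key, body, hashlib.sha256).digest()


class HostReceiver:
    """Host side: credits a deposit only if the tag verifies and the counter advances."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def accept(self, frame: bytes) -> int:
        if len(frame) != BODY.size + TAG_LEN:
            raise FrameError("bad length")
        body, tag = frame[:BODY.size], frame[BODY.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; the body is not parsed until the tag checks out
        if not hmac.compare_digest(tag, expected):
            raise FrameError("bad tag")
        counter, amount = BODY.unpack(body)
        if counter <= self._last_counter:  # a repeated or reordered report is refused
            raise FrameError("stale counter")
        self._last_counter = counter
        return amount
```

The host should log every `FrameError` with the device identifier, since a run of rejected frames on the acceptor link is itself a tamper signal.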
 