Carding 4 Carders
Professional
- Messages
- 2,724
- Reaction score
- 1,588
- Points
- 113
The most popular ATMs on the market, manufactured by the American company NCR, turned out to contain a serious vulnerability. Despite the fact that the vendor fixed the gap rather quickly, many banks still have not received the required updates.
The security issue was fixed six months ago. It was publicly reported during the Black Hat conference by researchers from Positive Technologies.
According to experts, an attacker could install outdated - therefore vulnerable - software on the dispenser controller. The dispenser is used to dispense bills.
Fortunately, the perpetrator must have physical contact with the attacked device, since to successfully exploit the breach, a single-board computer must be connected to the dispenser, which will send a command to withdraw cash.
The security hole in the devices is caused by incorrect memory write protection.
According to experts, it is NCR ATMs that are the most common. Given the severity of this vulnerability, credit institutions should seriously consider the associated risks.
The problem is exacerbated by the need to manually install the patch on all ATMs, which is a rather serious amount of work.
ATM maker NCR worked closely with experts who discovered the vulnerability to quickly close the security hole. Given the complexity of the update process and its delivery to endpoints, those affected by successful attacks using this vulnerability could sue NCR for property damage.
However, in this situation, the reputation of the victim of the bank hacking may suffer.
The security issue was fixed six months ago. It was publicly reported during the Black Hat conference by researchers from Positive Technologies.
According to experts, an attacker could install outdated - therefore vulnerable - software on the dispenser controller. The dispenser is used to dispense bills.
Fortunately, the perpetrator must have physical contact with the attacked device, since to successfully exploit the breach, a single-board computer must be connected to the dispenser, which will send a command to withdraw cash.
The security hole in the devices is caused by incorrect memory write protection.
According to experts, it is NCR ATMs that are the most common. Given the severity of this vulnerability, credit institutions should seriously consider the associated risks.
The problem is exacerbated by the need to manually install the patch on all ATMs, which is a rather serious amount of work.
ATM maker NCR worked closely with experts who discovered the vulnerability to quickly close the security hole. Given the complexity of the update process and its delivery to endpoints, those affected by successful attacks using this vulnerability could sue NCR for property damage.
However, in this situation, the reputation of the victim of the bank hacking may suffer.
