Many ATMs ‘still vulnerable’ to hackers

For many people, ATMs are still the primary physical interaction they have with their bank, as they’re a convenient and simple way of keeping up with many basic banking tasks.

But increasingly, these devices are coming to the attention of criminals. While issues such as skimming are one problem that’s on the rise, another factor that’s causing major headaches for ATM operators is hackers gaining direct access to machines.

This can be through the use of malware specially designed for the task, such as the Tyupkin software discovered in 2014, which was one of the first widely-known tools for targeting ATMs. However, another challenge for the banks is ‘jackpotting’, which exploits weaknesses in ATM technology and the supporting infrastructure to take over a machine and command it to release cash.

The key security issues for ATMs

A recent study by Kaspersky highlighted two key security issues that can leave ATMs exposed to jackpotting or malware attacks. The first of these is the fact that many machines still run on very outdated software that leaves them vulnerable.

One particular issue with this is that the operating system will not usually require any authorization for the commands it receives, so once a hacker does gain access, they have almost complete free rein, so could turn the PIN pad and card reader into a ‘native’ skimmer or just give away all the money stored in the ATM.

However, in many cases, criminals do not even have to use malware to access an ATM, because of poor physical security on devices. It is often a simple task for a hacker to gain physical access either to the machine itself or the network cable that connects it to the bank’s infrastructure.

This can allow them to install a specially programmed microcomputer, or ‘black box’, to the device to give them remote access, or even reconnect the ATM to a rogue processing center.

There are several ways for banks to protect the connection between ATMs and the processing center, such as using a hardware or software VPN, SSL/TLS encryption, a firewall or MAC-authentication. However, these defenses are often not implemented, or if they are in place, are misconfigured. This means criminals don’t have to manipulate the hardware – they just exploit insecurities in the network communication.

Stopping the hackers

So what can ATM operators do to reduce these risks and prevent criminals from gaining access to their hardware? Primarily, their focus needs to be on upgrading their ATMs with the latest software and physical protections.

However, while the current weaknesses are widespread among many ATMs, the good news is that they can be addressed.

Most of the attacks that NCR has seen are a result of financial institutions either not deploying security solutions, or not taking a holistic view to deployment of a layered protection strategy. There is no single bullet solution to combat these types of risks. Customers need to look at everything from the physical location of the ATM, to the way the network connectivity is configured and protected. Endpoint security solutions are needed to protect the card data and the cash.

It is vital that customers maintain current on their version of operating systems, software and firmware, and it is also important to implement cryptographic protection and integrity control over the data transmitted between all hardware units and the PCs inside ATMs.

Written by Dena Hamilton

Dena Hamilton

Dena is NCR's Director of Enterprise Fraud & Security Software Solutions. She specializes in fraud, risk, compliance and security, with over 35 years of experience in the financial services space. Her focus is the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.

Read more articles from Dena Hamilton