Bancsec Advisor‎ > ‎

Sticking it to the ATM

posted Feb 11, 2014, 5:12 PM by web admin   [ updated Feb 11, 2014, 5:12 PM by Kyle Horst ]
(December 31, 2013)

A pair of security researchers demonstrated how infected USB devices were used to automatically install malware on ATMs earlier in 2013.  The infected USB devices were allegedly planted by criminals after access holes were cut in ATMs, exposing the USB ports.  Once the ATMs were rebooted, the malware would automatically install. Several interesting features designed to protect it from fellow criminals include a 12-digit code to bring up the money-dispensing functions and a second challenge-response code to extract the money.  To mitigate this attack vector, USB boot functionality should be disabled on all ATMs.

Relevant URL(s):