Comments
Hackers Cash In On ATMs
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
3/30/2014 | 2:16:13 PM
Re: Root Default of ATM
Ryan raises an interesting issues, the security level for many ATM is not acceptable.

Banks cannot think to continue to use phase out OSs like XP while cyber threats are even more sophisticated.

Physical protection is another serious problem, why are we surprised if the computers behind ATM is easily accessible? I'm not surprised by news regarding similar hacks ... the problem is elsewhere.

Why Does BIOS of the ATM machines allow booting from external and unauthorized media (e.g. CD ROMs , USB sticks)?

What's about disk encryption to prevent disk tampering?

This hack is the result of many errors!

This is not security

Thanks

Pierluigi
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/28/2014 | 4:38:37 PM
Root Default of ATM
I have read a few reports about Ploutus and yes it poses a very large risk, but I think the risk lies in the machines architecture and not too much in the "malware" being transferred via the device, USB, phone, etc.

Correct me if I am mistaken but it seems that these machines are in an administrative state for routine/emergency maintenance and its only the physical barrier that truly denies access to the kingdom. But as knights circumvent a moat, people have gotten past this safeguard and are tasking the machine with minimal intrusion.

One comment I saw on a forum regarding Ploutus, though cynical, carried some truth. You can't leave a machine in root status and expect it not to perform root tasks. 

As delineated in your article, banks are now undergoing expensive counter procedures to smooth out this issue. But that is more of a reactive approach and therefore a huge security flaw. It needs to be realized that security is most effective when handled pre-emptively. For whatever reason, these machines were left in a vulnerable state with only a thin physical layer to keep people out. What are other peoples thoughts regarding the ATM "hacks"?

 
<<   <   Page 2 / 2


New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11440
PUBLISHED: 2018-05-25
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...