The researchers said most ATMs are usually based on outdated software, such as Windows XP and this makes the vulnerable to either malware or other exploits. Another security headache is the use of the insecure XFS standard which banks use to communicate with ATMs.
Olga Kochetova, security expert at Kaspersky Labs Penetration Testing department, said that the problem is that XFS specification requires no authorisation for the commands it processes, meaning that any app installed or launched on the ATM can issue commands to any other ATM hardware unit, including the card reader and cash dispenser.
Another issue is how easy it is to gain physical access to an ATM. Hackers can deploy a ‘black box’, basically a tiny computer that helps criminals connect the ATM to a rogue processing centre under their control, bypassing any security measures the bank has put in place.
In order to guard against such attacks, Kochetova said the XFS standard needs overhauling and two-factor authentication needs deploying to cash machines.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now