Hackers inserted a specialized device which was connected to the notebook into the card reader slot on the ATM and installed malicious software. 100 thousand US dollars were stolen from at least seven ATM in China.
We actively discuss this topic in Russia.
Stanislav Shevchenko, CTO of SafenSoft, company that develops information security solutions for ATMs, says the following. In order to infect the ATM software, you need to have an access to computer. This device cannot allow it. Interacting with card reader doesn’t let the criminal intrude the computer itself and the report doesn’t mention opening up any parts of ATM. Device itself looks strange compared to its function as it was described. No other incidents with usage of it are reported so far. All this makes us think that this information should be approached with caution because it’s either missing key parts of isn’t credible at all.
The NCR expert says that their company doesn’t know about this way of infection. So the possibility of the attack is very low.
Igor Korolev, Wincor Nixdorf expert, has another opinion. He would doubt this if the information was about ATMs in Russia, but this attack could be real in China. The main task was to transfer files from the card to HDD at the ATM. This task was divided into two subtasks: 1) where to take files from and 2) how to transfer them. For example, to а) write files to USB drive and b) use non-disabled autorun service to copy files to HDD. In the Chinese case they decided to write the files to the card but memory needed to be expanded using the laptop because the card didn’t have enough space for Trojan. Next, the question is how to transfer files to the system unit. There are a lot of ways to do it, but the easiest way is to secretly make a backdoor in ATM software. It’s less likely that they exploited vulnerabilities in card reader driver or firmware, but it is definitely possible.
What do you think about it? Is it possible?
Jul 2nd 2014
5 years ago
To me, its not that easy to do to steal money from an ATM machine. Yes I read similar thing from another high PR website http://www.gameoak.com/ as well, but still to me, its not an easy act to do in a modern day,|
Apr 8th 2015
4 years ago
|I disagree)) In some cases it can be differently, absolutely differently.||
Jan 28th 2016
4 years ago