ATMs (automated teller machines) have remained a preferred target of hackers around the world. Last year, ATMs in over a dozen locations across Europe were attacked. There was widespread hacking of ATMs across Taiwan, Thailand, and Pakistan whereas Bangladesh’s central bank experienced world’s largest digital heist when SWIFT system was attacked, and $81 million (£64.95 million) were stolen. This is why it has become the priority of security firms and experts to find out vulnerabilities in ATMs to prevent hack attacks.
A security expert at Positive Technologies has joined the bandwagon by researching and identifying how hackers can extract cash simply from ATMs by drilling a hole around the keypad.
Leigh-Anne Galloway claims that ATMs can be hacked pretty easily if hackers drill a hole in the front, just where the keypad is located. Ms. Galloway explained that since a majority of cash machines are Windows XP systems that are linked with a safe, therefore, the trick makes a varied range of machines vulnerable to hack attack.
While speaking with Spencer Kelly from BBC Click, Ms. Galloway stated: “It’s just a safe with a computer on top.”
All a hacker need to do is create a hole, and a USB port will be exposed. By attaching a USB cable, hackers can dispense money conveniently. Moreover, if details of someone’s card are stored in a hacked machine, the data will spread across a network of ATMs and cash would be withdrawn without the knowledge of the owner.
Ms. Galloway demonstrated the trick to BBC by hacking an ATM manufactured by the world’s largest ATM maker NCR. The cash machines from NCR, a Georgia based firm, are perceived to be most reliable and secure, so it was quite a surprise that it was instantly hacked.
The video below shows how a hacker can locate the USB port. For security purposes, the rest of the act has not been shown.
As evident, the process takes only a minute.
Ms. Galloway further revealed that by infecting the system with malware, data from the card could be collected as well and all the information held on our cards will be exposed.
Sunday prep for #INFOSEC17 @PTsecurity_UK come see @a66at talking about banking security pic.twitter.com/wcdQ4iXvKy
— Leigh-Anne Galloway (@L_AGalloway) June 4, 2017
Users can avoid getting their cards hacked and money stolen by using ATMs that are installed inside a bank with security cameras present.
NCR has urged banks to make security their priority and “stay current with all security defenses, operating system upgrades, and industry recommendations.”
Regarding the security of their machines, NCR’s spokesperson stated that the company provides comprehensive information about security measures and recommendations for addressing threats like these.
“We help our customers prevent attacks, and help them to assess and improve their security infrastructure,” claims NCR.
However, we cannot ignore the fact that threats to ATMs are regularly growing as hackers are coming out with more complex and sophisticated methods to attack the machines. This makes securing the ATMs a relentless and never-ending task.