
ATMs 'vulnerable' to cyber hacking

Bank ATM. (Duncan Alfreds, Fin24)

Cape Town – Bank ATMs are vulnerable to hacking because of outdated software, a global security firm has found.

Security outfit Kaspersky Lab has discovered that ATMs are vulnerable to hacks because many run the Windows XP operating system which is no longer supported by Microsoft.

The company conducted penetration testing as well as investigations into bank heists to determine the possibility of breaching bank digital defences.

“The results of our research show that even though vendors are now trying to develop ATMs with strong security features, many banks are still using old insecure models and this makes them unprepared for criminals actively challenging the security of these devices,” said Olga Kochetova, security expert at Kaspersky Lab’s Penetration Testing department.

In SA, many criminals target ATMs with bombings and card skimmings to steal money.

Malware theft

However, Kaspersky said that malicious software was also becoming an ideal vehicle for criminals to compromise ATMs.

The company identified a gang dubbed Carbanak in 2015 which stole an estimated $1bn from over 100 financial institutions in a carefully orchestrated spear phishing attack.


Tyupkin malware (Backdoor.MSIL.Tyupkin) on ATMs was discovered in 2014. Through the use of the malware, cyber criminals are able to empty ATM cash cassettes through direct manipulation.

But the malware has built-in security features that make it difficult to detect and remove: It only functions at specific times at night and operates with a key generated for every session.


Because Microsoft has ceased support for Windows XP, ATMs may remain vulnerable, said Kaspersky.

“In the vast majority of cases, the special software that allows the ATM's PC to interact with banking infrastructure and hardware units, processing cash and credit cards, is based on XFS standard. This is a rather old and insecure technology specification, originally created in order to standardise ATM software, so that it can work on any equipment regardless of manufacturer,” the company added.



“Should malware successfully infect an ATM, it receives almost unlimited capabilities in terms of control over that ATM: It can turn the PIN pad and card reader into a ‘native’ skimmer or just give away all the money stored in the ATM, upon a command from its hacker,” said Kaspersky.

The South African Banking Risk Information Centre (Sabric) has advised bank customers to be aware of suspicious people near ATMs and not to ask for or accept help from people at cash machines.

Sabric also advised bank customers to be wary of different display layouts on ATM screens, as these may be an indicator of tampering, and not to force cards into machine slots.
