An ATM is a machine that allows customers to carry out banking transactions without entering the bank.
Using an ATM, a user can withdraw or deposit cash, access their bank account, pay bills, change their PIN, update personal information, etc.
Since ATMs are all about cash, they have become a high-priority target for hackers and robbers. In recent years, hackers have found many ways to break into ATMs. Hackers are not limited to physical attacks, such as card trapping, skimming, etc.
They are also exploring new ways to hack ATM software. In this article, we will look at security solutions used for ATM security.
Most ATMs run on Windows XP and 7. Repairing individual ATMs is a rather complicated process. Because Windows XP is no longer supported by Microsoft, many ATM vendors use security solutions to mitigate threats associated with ATM attacks, such as malware-based attacks and operating system-level vulnerabilities.
These security solutions allow the ATM application to run in a highly restricted environment, with limited services and processes.
Two of these security solutions are McAfee Solidcore and Phoenix Vista ATM.
McAfee Application Control blocks unauthorized executable files in the ATM operating system.
It allows only those applications, processes, and services that are on the permitted list to run. It monitors changes to program code and configuration through the Integrity Monitor.
It protects the application code and configuration from unauthorized changes with its change control mechanism. The ATM application and related files are first added to the allowed list and then executed.
Phoenix Vista ATM is a product of Phoenix Interactive Design Inc., which was acquired by Diebold.
It is integrated into the ATM application itself. It works by checking file integrity: any modification or violation of a critical application-related file results in the shutdown of the system.
This prevents any unauthorized program from modifying the application's own files.
The architecture consists of 3 levels. OS <–> XFS <–> Vista ATM.
XFS (eXtensions for Financial Services) provides a client-server architecture for cost-effective applications on the Microsoft Windows platform, especially for peripheral devices such as ATMs that are unique to the financial industry.
It is an international standard promoted by the European Committee for Standardization (known as CEN, hence CEN/XFS). XFS provides a common API for accessing and operating different financial services devices, regardless of the manufacturer.
Vista ATM communicates with the XFS level, which instructs a device, such as the ATM cash dispenser, to dispense the cash. Any unauthorized modification to XFS files will trigger the Vista ATM application to force a restart of the machine. The machine restarts 4-5 times and then enters maintenance mode, which does not allow the user to make any transaction.
Below we will see a list of 26 ATMs, the software they use, as well as their security level.
The approach to testing the security of ATMs remains the same. The ultimate goal is to gain access to the operating system or to manipulate application-related files to see how the application itself behaves.
An attacker who has gained access to the operating system can create malware that can command the system program using XFS components.
Some of the test cases that can be considered are:
Tests related to program authorization: Check if USB is enabled, and try running an unauthorized program (exe file) directly from USB or using the USB auto-play feature.
Tests related to program protection: Check if application-related files can be moved to another location, modified, or deleted.
Tests related to process modification: Rename the unauthorized file to a valid and acceptable name. This will cause an unauthorized file to run when the application starts.
Threats related to unauthorized execution through the registry: Check if a critical registry key can be modified or if unauthorized software can be run by placing it in the Windows startup folder. The executables in the Windows startup folder will run first when the system restarts.
As the number of ATMs increases, the machines become more exposed to hacking attacks, robberies, scams, etc. Most ATMs still use Windows XP, which makes these ATMs an easy target for hackers. Electronic money transfer involves three components: the communication connection, the computer, and the terminal (ATM). All three components must be secured to prevent an attack. We will look at the types of assessment we can perform to analyze the overall security of an ATM.
1. Vulnerability assessment and penetration testing of the network
These two activities are common when dealing with ATM security.
In a penetration test, we check for network-level vulnerabilities in an ATM. If the ATM communicates with the support server, it must be part of a network.
By obtaining the IP address of the ATM, we can perform a penetration test within the network. As a security best practice, the ATM network is separated from the bank's common network.
Therefore, the hacker must be on the same network as the ATM to find out the IP of the ATM and carry out attacks.
Once we are on the network where the ATM is located, we can perform a scan with Nessus to identify its open ports, the services running on them, and the vulnerabilities associated with those services. We can perform a full scan with NMAP to identify TCP and UDP ports and ATM services.
The configuration check is concerned with operating system security. Most ATMs run the Windows operating system. The operating system must be free of security vulnerabilities, to reduce the attack surface and leave the attacker few options. Some of the areas that we can consider when performing the ATM operating system configuration check are:
2. Application security check:
We can divide this activity into two categories:
a). Thick client application penetration testing: Some of the test cases we can perform are:
b). Application Design Review: In this process, we can check for security practices followed in the application itself. Some of the test cases may be:
Banks can implement some security practices to reduce the attack surface available to an attacker. Below we will see some parameters that deserve close attention:
Protection against physical attacks:
Protection against hacking attacks:
Protection against fraud-based attacks:
With the advancement of technology, hackers are finding more and more ways to break into ATMs.
In the fight to maintain the security of ATMs and keep the trust of customers, banks must stay one step ahead of criminals, deploying the latest security solutions and reducing the attack surface as much as possible.
The solutions given in this article will help you make the ATM safer, enhancing both physical and logical security.
Originally posted at: https://en.iguru.gr/atm-hacking-proigmenes-methodoi-gia-tin-evresi-kenon-asfaleias