Every year at the Defcon security conference in Las Vegas, there is a tradition of hacking ATMs. People try to unlock them, steal personal information and PINs, and even get the machines to give out cash. Most of these hacking projects focus on retail ATMs found in places like gas stations or bars. However, independent researcher Matt Burch has been looking into vulnerabilities in the “financial” or “enterprise” ATMs used by banks and other large institutions.
Burch has identified six vulnerabilities in the security solution used by ATM-maker Diebold Nixdorf, called Vynamic Security Suite (VSS). Although Diebold Nixdorf claims to have fixed these vulnerabilities, Burch warns that not all ATMs may have received the necessary patches, leaving some machines open to attacks.
The vulnerabilities that Burch found are related to the hard drive encryption module used by VSS. While most ATM manufacturers rely on Microsoft’s BitLocker for encryption, Diebold Nixdorf uses a third-party integration with a dual-boot setup involving Linux and Windows partitions. Burch discovered that the Linux partition was not encrypted, which allowed him to manipulate critical system validation files and take control of the ATM.
Diebold Nixdorf spokesperson Michael Jacobsen acknowledges that Burch disclosed these vulnerabilities in 2022 and that the company has been working on fixing them. Burch, however, believes that there may still be ways to exploit similar vulnerabilities, although it would be more challenging now. Jacobsen emphasizes the importance of keeping ATM systems up to date with the latest patches.
Despite the efforts to address these vulnerabilities, there have been real-world instances of ATM cash-out attacks that use malware to steal money. These attacks usually require physical access to the ATM, which makes them more difficult to execute remotely. Burch mentions that organized crime groups may be training individuals to carry out these attacks efficiently.
As long as there are profits to be made from ATM cash-out attacks, the security community will continue to discuss and explore new ways to hack ATMs. It is crucial for ATM operators and financial institutions to stay vigilant and ensure that their systems are secure against potential threats. The ongoing efforts to improve ATM security will be essential in preventing future attacks and safeguarding users’ financial information.