Faulty Drivers Fuel ATM Hacking Problem, Say Researchers

Faulty Windows drivers are to blame for many attacks against ATM and point-of-sale (POS) devices, according to research from Portland, Oregon–based hardware security research company Eclypsium. In a report released this week, it built on previous research highlighting how attackers can exploit poorly designed third-party drivers to gain control over the kernel of Microsoft’s operating system and the underlying device firmware. It went on to explain how people can exploit these vulnerabilities to target highly regulated devices.

The researchers found a vulnerable Windows driver exposing a Diebold Nixdorf ATM to attack after acquiring the computer used in the ATM, which controls critical components, including the cash cassettes. The hardware driver provided arbitrary access to I/O ports on the system, enabling it to access devices connected via the PCI interface. The system also used the driver to update the device’s BIOS firmware, which could enable it to install a boot kit, they warned. The ATM vendor has already worked with Eclypsium to fix the problem, the report said.

This is not an isolated problem, the researchers warned. “These capabilities in a vulnerable driver could have a devastating impact on ATM or POS devices. Given that many of the drivers in these devices have not been closely analyzed, they are likely to contain undiscovered vulnerabilities,” the report said.

In previous research, Eclypsium drilled down into the specific driver flaws that cause problems for the Windows kernel. It named several vendors that had released vulnerable drivers for their devices.

For a long time, there was no way for Windows to mitigate these problems. That changed with the introduction of hypervisor-enforced code integrity (HVCI), which protects Windows from malicious code using built-in virtualization features. The problem is that this feature requires newer processors and isn’t yet supported by many third-party drivers, they warned.
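An administrator can check both conditions described above on a given Windows host: whether HVCI is actually running, and which loaded kernel drivers come from outside the core operating system. The following is an added example, not taken from the Eclypsium report; the function names `Get-HvciStatus` and `Get-ThirdPartyKernelDriver` are hypothetical, and it assumes an elevated PowerShell session on the machine being audited.

```powershell
function Get-HvciStatus {
    # Win32_DeviceGuard reports the state of virtualization-based security (VBS).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    [pscustomobject]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsRunning     = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        # In the SecurityServices* arrays, the value 2 denotes HVCI
        HvciConfigured = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning    = ($dg.SecurityServicesRunning -contains 2)
    }
}

function Get-ThirdPartyKernelDriver {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'" |
        ForEach-Object {
            # PathName can carry an NT-style prefix; normalise it to a Win32 path
            $path = $_.PathName -replace '^\\\?\?\\', '' `
                                -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                      else { '<no signer found>' }

            # Skip only in-box OS components ("CN=Microsoft Windows, ...").
            # WHQL-signed vendor drivers ("CN=Microsoft Windows Hardware
            # Compatibility Publisher, ...") stay in the list on purpose.
            if ($signer -notmatch '^CN=Microsoft Windows,') {
                [pscustomobject]@{
                    Name            = $_.Name
                    Path            = $path
                    SignatureStatus = $sig.Status
                    Signer          = $signer
                }
            }
        }
}

$hvci = Get-HvciStatus
$hvci | Format-List
if (-not $hvci.HvciRunning) {
    Write-Warning 'HVCI is not running; review the drivers listed below first.'
}
Get-ThirdPartyKernelDriver | Sort-Object Name | Format-Table -AutoSize
```

The driver list is an inventory for review, not a verdict: a valid signature says who shipped the driver, not whether it exposes I/O port or firmware access of the kind described in the report.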

ATM hardware doesn’t get replaced all that often, meaning that many of them won’t be equipped with HVCI. Regulations also slow down the driver patching process, the researchers added. If a device is certified to external security standards, then any change that a vendor makes to its software or firmware could result in delays as it goes through the certification process again, they said.

Other security companies have also highlighted problems with patching ATM software. In a 2019 white paper about ATM security challenges, Fortinet pointed out that manual processes for patching ATMs might fall outside the scope of corporate patch management systems that banks use for conventional IT equipment. That can make it difficult for IT administrators to patch thousands of ATMs across a distributed infrastructure, it warned.

Attacks on ATM hardware (as opposed to the use of add-on skimming devices) are a perennial problem for banks. In September 2019, malware from the Lazarus Group was discovered targeting ATMs in Indian banks. Cash-out crews have also reportedly been targeting US ATMs with ‘jackpotting’ attacks, in which malware forces devices to continually dispense cash, since 2018.

X ITM Cloud News

