Flaws in Ubiquitous ATM Software Could Have Let Attackers Take Over Cash Machines

Published August 10, 2024

There is a grand tradition at the annual Defcon security conference in Las Vegas of hacking ATMs. Unlocking them with safecracking techniques, rigging them to steal users’ personal data and PINs, crafting and refining ATM malware and, of course, hacking them to spit out all their cash. Many of these projects targeted what are known as retail ATMs, freestanding devices like those you’d find at a gas station or a bar. But on Friday, independent researcher Matt Burch is presenting findings related to the “financial” or “enterprise” ATMs used in banks and other large institutions.

Burch is demonstrating six vulnerabilities in ATM-maker Diebold Nixdorf’s widely deployed security solution, known as Vynamic Security Suite (VSS). The vulnerabilities, which the company says have all been patched, could be exploited by attackers to bypass an unpatched ATM’s hard drive encryption and take full control of the machine. And while there are fixes available for the bugs, Burch warns that, in practice, the patches may not be widely deployed, potentially leaving some ATMs and cash-out systems exposed.

“Vynamic Security Suite does a number of things—it has endpoint protection, USB filtering, delegated access, and much more,” Burch tells WIRED. “But the specific attack surface that I’m taking advantage of is the hard drive encryption module. And there are six vulnerabilities, because I would identify a path and files to exploit, and then I would report it to Diebold, they would patch that issue, and then I would find another way to achieve the same outcome. They’re relatively simplistic attacks.”

The vulnerabilities Burch found are all in VSS’s functionality to turn on disk encryption for ATM hard drives. Burch says that most ATM manufacturers rely on Microsoft’s BitLocker Windows encryption for this purpose, but Diebold Nixdorf’s VSS uses a third-party integration to run an integrity check. The system is set up in a dual-boot configuration that has both Linux and Windows partitions. Before the operating system boots, the Linux partition runs a signature integrity check to validate that the ATM hasn’t been compromised, and then boots it into Windows for normal operation.

“The problem is, in order to do all of that, they decrypt the system, which opens up the opportunity,” Burch says. “The core deficiency that I’m exploiting is that the Linux partition was not encrypted.”

Burch found that he could manipulate the location of critical system validation files to redirect code execution; in other words, grant himself control of the ATM.
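
A simplified model of the deficiency described above, as an added example that is not from the article, Burch's research or Diebold Nixdorf's code: an integrity check whose reference hashes sit on the same unencrypted partition as the files accepts an offline change that rewrites both, while a check whose manifest is authenticated by a secret held elsewhere rejects it. The file names, manifest format and HMAC anchor are assumptions for illustration; the page does not describe VSS's actual mechanism.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def naive_check(root):
    """Trusts manifest.json stored on the same unencrypted partition."""
    with open(os.path.join(root, "manifest.json"), "rb") as f:
        manifest = json.load(f)
    return all(sha256_file(os.path.join(root, p)) == h for p, h in manifest.items())

def anchored_check(root, key, expected_tag):
    """Authenticates the manifest against a tag kept outside the partition,
    and refuses symlinks or paths that resolve outside the partition root."""
    with open(os.path.join(root, "manifest.json"), "rb") as f:
        raw = f.read()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected_tag):
        return False
    real_root = os.path.realpath(root)
    for rel, digest in json.loads(raw).items():
        path = os.path.join(root, rel)
        if os.path.islink(path) or not os.path.realpath(path).startswith(real_root + os.sep):
            return False
        if sha256_file(path) != digest:
            return False
    return True

def write_partition(root, content):
    """Writes a constructed validation file and a manifest that matches it."""
    with open(os.path.join(root, "validate.bin"), "wb") as f:
        f.write(content)
    raw = json.dumps({"validate.bin": hashlib.sha256(content).hexdigest()}).encode()
    with open(os.path.join(root, "manifest.json"), "wb") as f:
        f.write(raw)
    return raw

def demo():
    key = b"constructed-demo-key"  # assumption: stands in for a secret held off the partition
    with tempfile.TemporaryDirectory() as root:
        raw = write_partition(root, b"vendor validation code")
        tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
        before = (naive_check(root), anchored_check(root, key, tag))
        write_partition(root, b"modified offline")  # file and manifest both rewritten
        after = (naive_check(root), anchored_check(root, key, tag))
    return before, after
```

`demo()` returns the (naive, anchored) verdicts before and after the constructed offline change; only the anchored check flips to a failure.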

Diebold Nixdorf spokesperson Michael Jacobsen tells WIRED that Burch first disclosed the findings to them in 2022 and that the company has been in touch with Burch about his Defcon talk. The company says that the vulnerabilities Burch is presenting were all addressed with patches in 2022. Burch notes, though, that as he went back to the company with new versions of the vulnerabilities over the past couple of years, his understanding is that the company continued to address some of the findings with patches in 2023. And Burch adds that he believes Diebold Nixdorf addressed the vulnerabilities on a more fundamental level in April with VSS version 4.4 that encrypts the Linux partition.
