Most of the ATMs produced by NCR, Diebold Nixdorf, and GRGBanking and used by banks have proven vulnerable to attack by remote or local attackers, and most attacks take no more than 15 minutes. Analysis from Positive Technologies shows that ATMs are highly susceptible to four categories of security issues: insufficient peripheral security, insufficient network security, inadequate system or device configuration, and vulnerabilities or configuration errors in application control.
Reportedly, about 85% of the ATMs manufactured by NCR, Diebold Nixdorf, and GRGBanking can be compromised within 15 minutes of an attacker gaining access to the ATM network.
Positive Technologies said that an attacker who is an employee of a bank or Internet provider can launch the attack remotely. Otherwise, the attacker needs to be present in person to open the ATM, unplug the Ethernet cable, and connect a rogue device to the modem (or replace the modem with such a device).
After gaining this access, an attacker can use a direct or man-in-the-middle attack against the ATM or a service running on it, then intercept and modify packets to trick the processing center into responding and take control of the device.
Most of the ATMs tested do not adequately protect the data exchanged with the processing center. Although they all have firewall protection, their firewalls are poorly configured.
Positive Technologies pointed out that in many cases the weak security of peripherals stems from the lack of authentication between the peripherals and the ATM operating system. As a result, criminals can use ATMs infected with malware to access these devices, or connect their own devices directly to a cash dispenser or card reader, and then steal cash or intercept bank card data.