ATM Hack – This is how Hackers attack an ATM
ATM Hack – Kaspersky Lab experts show us how a hacker can attack an ATM without damaging the bank.
ATM hack 1: a fake processing center
This method expects the attacker to use the cable that connects the machine to the network. A hacker disconnects the ATM from the bank’s network and connects it to a device that acts like a fake processing center.
The box is used to check the money box and send commands to the ATM, requesting that it withdraw money from the selected box. It’s very simple: the attacker can use any card or enter any PIN code, and illegal transactions will seem legal.
ATM hack 2: a remote attack on several ATMs
This method involves work done from within the targeted bank. The criminal buys, from an insider, a key that opens the ATM. The key does not allow the attacker to access the money box, but it exposes the network cable. The hacker disconnects the ATM from the bank’s network and connects it to a special device that sends all the data to the attacker’s server.
Networks connecting ATMs are often not segmented (separated for security) and ATMs may be configured incorrectly. In this case, with a similar device, a hacker can compromise several ATMs in one go, even if the malicious device is connected to only one of them.
The rest of the attack happens just as we described in Method 1: a fake processing center is installed on the server and the attacker gains complete control of the ATMs. Using any card, a criminal can withdraw all the money from the ATMs, regardless of the model. For this method to work, the only thing that must be the same for all of them is the protocol used to connect the ATMs to the processing center.
ATM hack 3: the black box attack
As described above, the attacker obtains the key to the ATM and opens it, but this time he puts the machine into maintenance mode. Next, the hacker plugs the so-called black box into the exposed USB port. A black box is a device that allows the attacker to control the money box.
While the attacker tampers with the ATM, the monitor displays a service message such as “Maintenance in progress” or “Out of service”, even though in reality the ATM can still dispense money. In addition, the black box can be controlled wirelessly via a smartphone. The hacker only needs to press a button on the screen to get the money and then get rid of the black box to hide evidence of damage to the machine.
ATM hack 4: a malware attack
There are two ways to infect the targeted ATM with malware: by inserting a USB stick carrying the malware into the port (which requires the key that opens the ATM chassis) or by infecting the machine remotely, having previously compromised the bank’s network.
If the targeted ATM is not protected against malware or does not employ a whitelist, a hacker can have the malware send commands to the ATM to make it dispense money, repeating the attack until the money box is empty.
Obviously, not all ATMs can be hacked. The attacks described above are only feasible if something is not configured properly. This could be a bank network that is not segmented, authentication not being required when the ATM software exchanges data with the hardware, the absence of an application whitelist, or a network cable that is easily accessible.
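The attacks above share observable side effects: a dispense the real processing center never authorized, a dispense while the machine is in maintenance mode, or a dispense right after the network link was interrupted. The following detection sketch is an added example, not code from Kaspersky Lab; the journal format, event names, ATM IDs and the 300-second window are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; the field layout is hypothetical, not a vendor format.
# ATM journal line: timestamp, atm_id, event, key=value details
ATM_JOURNAL = """\
2024-05-01T10:00:05 ATM-17 DISPENSE txn=1001 amount=200
2024-05-01T10:14:40 ATM-17 LINK_DOWN -
2024-05-01T10:15:10 ATM-17 LINK_UP -
2024-05-01T10:15:30 ATM-17 DISPENSE txn=1002 amount=4000
2024-05-01T11:00:00 ATM-22 MAINTENANCE_ON -
2024-05-01T11:02:00 ATM-22 DISPENSE txn=- amount=4000
2024-05-01T11:05:00 ATM-22 MAINTENANCE_OFF -
"""
# Authorizations the real processing center issued: (atm_id, txn). Constructed.
HOST_AUTHORIZED = {("ATM-17", "1001")}
LINK_WINDOW_S = 300  # assumed: seconds after a link event in which dispenses are suspect

def find_suspicious(journal, authorized, window=LINK_WINDOW_S):
    """Return (timestamp, atm_id, amount, reasons) for each suspicious dispense."""
    alerts = []
    in_maint = {}   # atm_id -> True while maintenance mode is on
    last_flap = {}  # atm_id -> time of the last link down/up event
    for line in journal.splitlines():
        ts_s, atm, event, *detail = line.split()
        ts = datetime.fromisoformat(ts_s)
        if event in ("MAINTENANCE_ON", "MAINTENANCE_OFF"):
            in_maint[atm] = event == "MAINTENANCE_ON"
        elif event in ("LINK_DOWN", "LINK_UP"):
            last_flap[atm] = ts
        elif event == "DISPENSE":
            fields = dict(kv.split("=", 1) for kv in detail)
            reasons = []
            # A fake processing center leaves no record at the real one.
            if (atm, fields.get("txn")) not in authorized:
                reasons.append("no matching host authorization")
            # Black box case: cash leaves while the screen says "Out of service".
            if in_maint.get(atm):
                reasons.append("dispense in maintenance mode")
            flap = last_flap.get(atm)
            if flap and (ts - flap).total_seconds() <= window:
                reasons.append("dispense shortly after link interruption")
            if reasons:
                alerts.append((ts_s, atm, fields.get("amount"), reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(ATM_JOURNAL, HOST_AUTHORIZED):
        print(alert)
```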
Unfortunately, such problems are very common. For example, they allowed attackers to infect a series of ATMs with the Tyupkin Trojan. Kaspersky Lab’s experts are always ready to help banks solve these problems: we can offer consultancy services or check banks’ infrastructure and test their resistance to attacks.