Is your money safe in an ATM? Read these 7 points before you make that withdrawal

Awadh Jamal (Ajakai)
By -
0
Do you remember James Cameron's masterpiece 'Terminator 2' in which young John Connor hacks an ATM with a fancy Atari Portfolio and takes some money out? 'Terminator 2' may be a work of fiction but decades later it turns out ATM skimming is a real deal.
Last year, Indian banks such as HDFC Bank, ICICI Bank, Yes Bank, Axis Bank and SBI were targets of the biggest financial data breach of the country—as many as 3.2 million debit cards were hacked. Weeks after attack, the forensic report showed that hackers had penetrated Hitachi Payment System, a network to which some banks had outsourced their ATM transaction processing. Hackers capture all probable four-digit numbers from 0000 to 9999 to create a 'dummy code book'. With the help of that code, hackers steal the debit card PINs when customers use their cards in the ATMs.

"ATMs have become an attractive site of attack from cyber criminals globally. There have been reported cases of malware being injected through USB sticks into the teller machine forcing it to spew cash or sometimes the back end of the network is hacked such that an ATM is given false instructions to release cash completely remotely. ATMs are attractive points for criminals both for money as well as for card data of customers," says Aleks Gostev, the chief security expert at Kaspersky Labs.

Below are seven reasons, according to Kaspersky Lab experts, why it's so easy for hackers to compromise ATMs:

1. First of all, ATMs are basically computers. They consist of a number of electronic subsystems, including some exotic industrial controllers, but there’s always a conventional PC in the very center of ATM’s system.

2. Moreover, it’s very likely that this PC is controlled by a rather old operating system like Windows XP. You probably know what is wrong with Windows XP: it is not supported by Microsoft anymore, so any vulnerability found after support was killed off is a perpetual zero-day that nobody will ever patch. And you can bet there are a lot of these vulnerabilities. The outdated Windows XP version that has turned out to be the weak link, crippling information systems around the world, is used by 70% of Indian ATMs.

3. Besides, it’s also very likely, that there’s a lot of vulnerable software running in ATM’s system. From some outdated flash players with over 9000 widely known bugs inside to remote administration tools and more.

4. ATMs manufacturers tend to believe that ATMs are always operating in ‘normal conditions’ and nothing ever goes wrong. Hence there’s usually no software integrity control, no antivirus solutions, no authentication of an app that sends commands to cash dispenser.

5. In contrast to cash deposit unit and money dispenser, which are always pretty carefully armored and locked, the PC part of an ATM is easily accessible. Its enclosure is usually made of plastic, thin metal at best, and secured with locks too simple to keep criminals at bay. The logic of ATMs manufacturers is as following: if there’s no money in this part of an ATM, why bother to keep it secure?

6. Modules of ATMs are interconnected with standard interfaces, such as COM and USB ports. Sometimes these interfaces are accessible from outside of the cabinet. Even if not, you still need to keep in mind previous issue.

7. By their very nature, ATMs must be connected—and they always are. Since the Internet is the cheapest way of communicating these days, banks use it to connect ATMs to processing centers. And guess what? Yes, you can find ATMs on Shodan, a search engine that lets the user find specific types of computers (web cams, routers, servers, etc.) connected to the internet using a variety of filters. Shodan has shown there are thousands of exposed ATMs potentially vulnerable to a network attack.

While users have no way to find out if an ATM computer network is compromised, there are ways to know if the thieves have compromised the machine. Besides, malware attacks, there are other ways to hack ATMs—using counterfeit card readers, hidden cameras, ATM skimming, etc.

Check for hidden cameras

Recording your PIN number by hidden cameras is the most common way of stealing your confidential number. Spy cameras do not take much space and they can be easily placed near the keypad. So be careful the next time you withdraw money. Take a look around the machine if you find anything suspicious. You can also cover the keypad with one hand while entering number with the other.

Fake keyboards

Cameras are not the only tools at the ATM to steal your PIN. Fake keypads can also be used to record PIN inputs. A fake keypad can be placed on the actual keypad to steal the PIN. Fake keypads are bit spongy and loose. Capturing people's PINs through a false keypad is known as a 'pin-pad overlay' and a long-standing procedure used by the criminals.

Bulky or misaligned card slots

Additional card readers can also be placed in the card slot to obtain the necessary information. In most of the cases, the card slot feels slightly bulky or misaligned or protruding further out from the ATM than it should if a false card reader is put in the slot.

Loose card slot or Lebanese loop

Sometimes cards get stuck in ATM and we think there is some issue with the machine. Loose card slot may indicate the presence of a 'Lebanese loop' in the ATM machine—where a small strip of plastic or metal blocks the card slot and any inserted card is retained by the machine. The machine continuously asks for PIN number as the card can’t be read by the machine. Fraudsters get hold of the card once the helpless victim leaves the ATM counter.

False fronts

Fraudsters sometimes install entire false fronts on the actual ATM machine to steal the data. It is hard to identify but the false front looks odd and larger than the usual one.




Tags:

Post a Comment

0Comments

Post a Comment (0)

#buttons=(Accept !) #days=(20)

Our website uses cookies to enhance your experience. Check Now
Accept !