Overview

- What components does an ATM consist of
- How does the ATM interact with banks
- What attacks are applicable to ATMs
- Practical demonstration
Headlines

- Vulnerabilities found in Diebold Nixdorf ATMs allowing cash withdrawals
- Hackers stole $346,000 from a Thai bank, causing the shutdown of 3,300 ATMs in the country
- ATMs in Europe were hacked using a USB stick
- In Hours, Thieves Took $45 Million in A.T.M. Scheme
Statistics

Attack                                   Vulnerable ATMs   Requirements                          Required time
Network attacks                          85%               ATM network access                    15 minutes
Black Box                                69%               Physical access to the service area   10 minutes
Boot in abnormal mode (e.g. safe mode)   42%               Physical access to the service area   15 minutes
Escaping kiosk mode                      76%               Physical access to the service area   15 minutes
Hard disk access                         92%               Physical access to the service area   20 minutes
About ATMs
ATM types (by location)

- Office (installed indoors)
- Outdoor (installed outdoors)
- Over-the-wall (installed through a partition, both inside and outside the building)

Components of the ATM (figure labels)

- Supervisor / Operator Panel
- PC Core
- Coin Dispenser
- Receipt / Journal Printer and Card Reader
- Card Capture Bin
- Standard Side-Box or Cheque Acceptor Side-Box
- Security Enclosure Door
- Top-Box
- Network connection
- Digital Audio Volume Control
- Statement Printer
- Currency Dispenser or Cash Acceptor
Typically ATMs have the following characteristics, which matter for our case:

Typical ATM attributes
- Run on Win* operating systems, typically Win7 or Win10
- Rigidly segmented from the corporate LAN, in their own ATM segment; network access is strictly restricted
- Dedicated group of administrators
- Not domain members, only workgroups
- Antivirus software is installed on the device
ATM Communications

Methods of connecting to an ATM:
- CDM — Recycler / Dispenser
- EPP — Peripherals
- IDC — Card reader
- NFC — NFC module
- QR — QR-code module

Figure: the ATM, behind the Windows Firewall, exchanges encrypted processing data with the processing center over a secure communication channel in the bank network, and unencrypted monitoring data with the monitoring server.

Figure: ATM software stack. User -> Bank application -> XFS manager (API / SPI) -> Service providers -> Peripherals; the ATM talks to the processing center across the bank network over encrypted communication.
ATM attacks overview
Attacking ATM components

ATM computer
- Connection of USB devices
- Connection to hard drive
- Boot mode modification

Card reader (decodes data from bank cards)
- Card data interception

Cash dispenser (issues banknotes from the safe)
- Black Box

Network equipment (connects the ATM to the processing center and remote administration servers)
- Interception of network traffic
- Spoofing of processing center
- Attack on available network services
- Attack on network devices
- Connection from the bank's internal network
- Spoofing or hacking of software update server
ATM vulnerability categories
- Insufficient peripheral security (including cash dispenser issues)
- Vulnerabilities or improper configuration of Application Control
- Improper configuration of systems or devices
- Insufficient network security
- Other things

youtube.com/@bankomat3210
Black box attack
With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version (with malicious content) to bypass the encryption and withdraw cash.

Real-life examples: CVE-2018-9099, CVE-2018-9100, CVE-2017-17668, CVE-2018-5717

Figure: a Black Box attack. The computer sits in an unprotected ATM cabinet while the cash dispenser is in the reinforced safe; the Black Box is connected to the dispenser cable.

Figure: a Black Box attack using single-board computers.
Exit from Kiosk mode Exit from Kiosk online contest
The keyboard is the main tool when hacking an ATM. The main task is to find a button or key combination that will close the kiosk.

You can automate the search using a Teensy.

Exit from kiosk mode (attack flow)
1. Connect device (attacker device: HID emulator, keyboard)
2. Exit kiosk mode
3. Bypass or disable security
4. Send command to cash dispenser to issue banknotes
Privilege Escalation

About privilege escalation: outdated software leads to
- Vulnerable Windows kernel: a public exploit exists; an exploit for a publicly known vulnerability can be developed; a 0-day exploit can be identified and developed
- Vulnerable application: a public exploit exists; an exploit for a publicly known vulnerability can be developed; a 0-day exploit can be identified and developed
Access to Hard Drive
Figure: the ATM computer and its hard drive; the attacker either attaches an external disk or connects directly to the hard drive, then bypasses or disables security.

Attack flow
1. Either connect an external disk, change the BIOS boot order and start up from the external disk, or connect to the hard drive directly and access it
2. Write malware to the hard drive
3. Add the malware to the whitelist or disable security software
4. Run the malware
5. Send command to cash dispenser to issue banknotes
Boot mode
Attack flow
1. Start up in debug mode, or start up in Safe Mode
2. Obtain control of the ATM OS
3. Exit kiosk mode / execute arbitrary commands
4. Send command to cash dispenser to issue banknotes
ATM network attacks
Figure: the ATM's network attack surface over the Ethernet cable, Wi-Fi and GSM links: network devices, available network services, the bank internal network, the processing center and the software update server.
- Attack available network services
- Attack network devices
- Connect remotely to the ATM
- Spoof the processing center
- Spoof or hack the software update server
ATM network attacks: spoofing of the processing center

Figure: a processing center emulator is connected to the network equipment. The ATM sends a request to confirm the transaction; the real processing center never receives it, and the emulator answers in its place.
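The defence against the spoofing flow above is that the ATM must authenticate the processing center's answer, not merely the network path. The script below is an added illustration and is not code from the presentation; the message format, field names, the nonce scheme and the shared key are all constructed assumptions. It shows why an emulator that lacks the key cannot produce an acceptable approval, and why a genuine approval captured earlier cannot be replayed against a fresh request.

```python
"""Authenticated processing-center responses (added example, constructed
message format). An emulator without the shared key cannot approve a
withdrawal, and a captured genuine approval cannot be replayed."""
import hashlib
import hmac
import json
import os
from typing import Callable, Optional

# Constructed demo key held only by the ATM and the genuine processing
# center. Real deployments derive per-session keys from an HSM.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def mac_message(key: bytes, fields: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the message fields."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_request(atm_id: str, amount: int, nonce: str) -> dict:
    """ATM side: authorisation request carrying a fresh nonce and its MAC."""
    body = {"atm_id": atm_id, "amount": amount, "nonce": nonce}
    return {"body": body, "mac": mac_message(SHARED_KEY, body)}


def real_processing_center(request: dict) -> dict:
    """Genuine host: verifies the request MAC, then MACs its decision and
    echoes the request nonce so the answer is bound to this request."""
    valid = hmac.compare_digest(request["mac"], mac_message(SHARED_KEY, request["body"]))
    body = {"nonce": request["body"]["nonce"], "decision": "APPROVE" if valid else "DECLINE"}
    return {"body": body, "mac": mac_message(SHARED_KEY, body)}


def emulator_processing_center(request: dict) -> dict:
    """Attacker's emulator: approves everything but has no key, so the MAC
    is a forgery (constructed placeholder value)."""
    body = {"nonce": request["body"]["nonce"], "decision": "APPROVE"}
    return {"body": body, "mac": "00" * 32}


def atm_accepts(response: dict, expected_nonce: str, seen_nonces: set) -> bool:
    """ATM side: dispense only if the response MAC verifies, the response
    answers the outstanding nonce, and that nonce was never accepted before."""
    body = response["body"]
    if not hmac.compare_digest(response["mac"], mac_message(SHARED_KEY, body)):
        return False  # forged or tampered response
    if body.get("nonce") != expected_nonce or expected_nonce in seen_nonces:
        return False  # answer to some other request, or a replay
    if body.get("decision") != "APPROVE":
        return False
    seen_nonces.add(expected_nonce)
    return True


def withdrawal(amount: int, host: Callable[[dict], dict], seen_nonces: set,
               nonce: Optional[str] = None) -> bool:
    """One withdrawal attempt: build request, ask `host`, decide on dispense."""
    nonce = nonce or os.urandom(8).hex()
    request = build_request("ATM-0001", amount, nonce)
    return atm_accepts(host(request), nonce, seen_nonces)


if __name__ == "__main__":
    seen: set = set()
    print("genuine host:", withdrawal(100, real_processing_center, seen))
    print("emulator    :", withdrawal(100, emulator_processing_center, seen))
    # Replay: a genuine APPROVE captured for an earlier nonce is offered as
    # the answer to a new request with a fresh nonce.
    captured = real_processing_center(build_request("ATM-0001", 100, "old-nonce"))
    print("replay      :", withdrawal(100, lambda req: captured, seen))
```

The nonce check is what turns a correct MAC into a correct answer: without it the emulator could still succeed by forwarding a recorded genuine approval, which is the same network position the spoofing slide describes.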
ATM network attacks: exploitation of vulnerabilities in available network services

Attack flow
1. Connect to network equipment
2. Exploit vulnerabilities in available network services
3. Bypass or disable security
4. Send command to cash dispenser to issue banknotes
Card data theft

Figure: two interception points. Card data passes from the card reader to the ATM OS and from the ATM to the processing center; it can be intercepted between the card reader and the ATM OS, or between the ATM and the processing center.

Interception between the ATM and the processing center
1. Connect to network equipment (attack network devices)
2. Access network traffic (attack network traffic)
3. Intercept card data

Interception between the card reader and the ATM OS
- Infect the ATM with malware, or
- Install a device between the card reader and the ATM computer
Other things
DMA Attacks

Figure: the attacker machine sends a command as a Memory Read Request TLP through PCIe device A; the victim machine answers with a Completion TLP carrying data from memory.
Let's sum it up

- Today we learned about the security aspects of ATMs
- Now you know how attackers will act if they want to hack into your ATM
- And you know who to turn to if you want such testing conducted by white-hat hackers

Questions and Answers: everything you wanted to know about ATM security but were afraid to ask