How to hack an ATM for free money

An Automated Teller Machine is a machine built for commercial purposes. Typically an ATM dispenses money, receives money, checks account balances or provides a statement of account transactions. However, these machines may be vulnerable to attacks, and one can exploit them and access the systems. We discuss the more technical aspects of this, rather than just sticking to shoulder surfing.

Rogue keyboard access

One of the easiest ways to execute an attack on the ATM system is to attach a keyboard to the machine and then perform a breakout. Connecting the keyboard to the ATM can be accomplished through the following steps:

– Open the ATM system using any vital opening tools

– Drill a hole next to the USB or the PS/2 port

– Open the ATM system by removing the screws that hold the plate to the wall

– Finally, physically connect the keyboard to the ATM computer system either in the PS/2 or USB port

The attacker can then proceed to what is known as a "break out" assignment. The process involves finding a key combination that enables an attacker to execute custom commands on the ATM system while trying to find the execution code. On locating the execution key, the attacker can decide to abuse the functionality of the system or load code onto the system to achieve the goal of the attack.

Other steps, such as privilege escalation and lateral movement through the ATM network, are optional; the attacker can decide to use them as well toward the same goal.
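From the defender's side, the USB keyboard attachment described above shows up as a device attach event. The following is an added example, not code from the original article, that reviews such events against a device inventory and a maintenance window; the log format, the device IDs and the window are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed inventory: (VID, PID) pairs the ATM build is expected to enumerate.
INVENTORY = {("aaaa", "0001"),   # card reader (placeholder IDs)
             ("aaaa", "0002")}   # technician service keyboard (placeholder IDs)
# Constructed maintenance window (UTC) in which a service keyboard is expected.
WINDOWS = [(datetime(2024, 5, 2, 9, 0, tzinfo=timezone.utc),
            datetime(2024, 5, 2, 11, 0, tzinfo=timezone.utc))]

# Hypothetical log format, one line per USB attach event.
EVENT = re.compile(r"(?P<ts>\S+) usb-attach vid=(?P<vid>[0-9a-f]{4}) "
                   r"pid=(?P<pid>[0-9a-f]{4}) ifclass=(?P<cls>[0-9a-f]{2}) "
                   r"ifproto=(?P<proto>[0-9a-f]{2})$")

SAMPLE = [  # constructed events, not captured from a real machine
    "2024-05-02T09:30:00Z usb-attach vid=aaaa pid=0001 ifclass=0b ifproto=00",
    "2024-05-02T10:05:12Z usb-attach vid=aaaa pid=0002 ifclass=03 ifproto=01",
    "2024-05-02T10:20:00Z usb-attach vid=ffff pid=5678 ifclass=08 ifproto=06",
    "2024-05-03T02:13:44Z usb-attach vid=aaaa pid=0002 ifclass=03 ifproto=01",
    "2024-05-03T02:14:02Z usb-attach vid=ffff pid=1234 ifclass=03 ifproto=01",
]

def review(lines):
    """Return (timestamp, 'vid:pid', reasons) for each attach event worth an alert."""
    findings = []
    for line in lines:
        m = EVENT.match(line.strip())
        if m is None:
            continue  # not an attach event in the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        # HID interface class 0x03 with interface protocol 0x01 is a keyboard.
        keyboard = m["cls"] == "03" and m["proto"] == "01"
        in_window = any(start <= ts <= end for start, end in WINDOWS)
        reasons = []
        if (m["vid"], m["pid"]) not in INVENTORY:
            reasons.append("not in inventory")
        if keyboard and not in_window:
            reasons.append("keyboard outside maintenance window")
        if reasons:
            findings.append((m["ts"], f"{m['vid']}:{m['pid']}", reasons))
    return findings

if __name__ == "__main__":
    for ts, dev, reasons in review(SAMPLE):
        print(ts, dev, "; ".join(reasons))
```

A PS/2 keyboard does not enumerate over USB, so this check covers only the USB path.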

Weak disk drive

This procedure involves accessing a weak disk on the ATM and tampering with the files on the drive to achieve code execution. There is also no reason for the attacker to complete the whole process on site; one can steal the disk, prepare the procedure then come back later to execute the attack. The attack steps are as follows:

– Open the ATM system using any opening tool or key

– Remove the screws attaching the ATM to the wall

– Identify whether the weak disk is un-encrypted and can be easily accessed

If the drive is unencrypted, one can easily read and modify the files on the disk, but if the disk is weakly encrypted, the attacker can remove the encryption and access the data on the drive by booting the procedure.

Once encryption has been implemented and the decryption key is received from a network server, an attacker is forced to increase their investment to obtain access to the disk and boot into a business ATM operating system. This means the ATM system is at greater risk if an attacker does manage to gain access to the system. Some of the ways to obtain access include direct memory attacks, virtualization of the disk and sniffing the hardware communication.

Traditional network breach

The final way to execute an attack on the ATM system is attempting to breach the system from the network perspective. The first step of the attack involves unplugging the network cable on the ATM or on the side of the router, then cutting the network cable and applying new wires. For wireless routers, an attacker has the option of cracking the Wi-Fi password and then setting up a rogue Wi-Fi access point.

The attacker can now check the network traffic to determine the target and also obtain data about the potential weaknesses of the ATM system. On locating the targets, testing techniques such as port scans, vulnerability scans, credential brute-force attacks and fuzzing of proprietary protocols are used to attempt to obtain access to the ATM system.

These attack techniques provide sensitive information which assists in code execution on the ATM or backend servers.
