ATM scams take off: Is your machine targeted?

When you think of an Automated Teller Machine, you think of security, right? If the first thing you think of is "skimmer" devices built to steal your debit card information, then you've probably been reading some of my latest security updates. Now there's something even scarier that just hit the market, and it's spreading out from Eastern Europe. This vulnerability is just about ready to cross the border.

Well, it turns out that Malaysian gangs have been installing malware into "unattended" ATMs and have tricked the machines into spitting out more than $1 million. That's right: hackers don't have to saw open an ATM machine. They only have to install malware onto an ATM to "jackpot" the machine.

Instead of stealing your credit card data, however, hackers simply target the machine itself. "You don’t have to be an ATM expert or have inside knowledge to generate or code malware for ATMs," said Owen Wild of global ATM manufacturer NCR in an interview with Brian Krebs of KrebsOnSecurity.

He went on to claim that hackers didn't have to install a "skimmer" system anymore, and instead were just opting to crack a machine far enough to install malware that told the ATM to shoot as much money out as it could.

Here's the geographical breakdown of attacks on ATMs reported by NCR:


As you can see from the chart, these attacks have moved further and further west between 2013 and 2014. A large part of why these attacks are so easy to pull off might be because many ATMs are actually running - wait for it - Windows XP. That's right, the operating system that Microsoft stopped supporting just this summer.

By not plugging up these security holes, some ATM producers seem to be giving criminals an almost-literal license to print money - or at least steal all the money loaded in these machines.

While we haven't seen cases of ATM fraud hit the U.S. yet, I think that these companies should get their act together and start securing these ATMs. Once hackers find out about these flaws, it might just be open season for turning an ATM into their personal money piñata.

