A look at how ATM Security has changed…and how it hasn’t

October 16, 2018 9:23 am

More than a decade ago, when the internet was still in its early growth phase, thieves didn’t have a lot of access to ATMs, their manuals or hardware components. Today, thieves can more easily purchase ATMs themselves, pick up cost-effective components, find detailed information about specific ATM models online and network with other hackers to gain insights on new attack methods.

In addition, many ATMs are 10 years old, and some even older—so thieves have had a long, long time to familiarize themselves with the machines. Needless to say, obscurity is no longer an option as a security strategy.

The Obscurity Advantage Has Shifted to Criminals

If you are managing an ATM network with a handful of terminals, those machines are probably in protected, monitored locations. But for ATM operators managing a network of a few hundred or even a few thousand terminals, not every ATM is in a location where it can be closely monitored. Think about your ATM locations: are any of them freestanding? Are they in a remote location, a store or another unmonitored location? How closely are your terminals monitored after-hours?

Consider that criminals can access an ATM, remove the hard drive and apply malicious code in well under 30 minutes.

This is where hard disk encryption and advanced BIOS password management become critically important to securing an ATM network. We designed DN AllConnect Managed Security Services℠ to complement banks’ existing security frameworks with robust monitoring, updates and management capabilities that limit access to a terminal and prevent tampering with the internal software stack.

Jackpotting & BIOS Attacks

Jackpotting covers a broad range of cyber-attacks and occurs most often in conjunction with some type of physical attack, such as drilling a hole to insert an endoscope. Cyber prevention such as encrypting the hard drive, and ensuring updates are made in a timely fashion, prevents thieves from applying malicious code to the hard drive (which contains the operating system and the financial services layer), reducing the attack surface of the ATM. Additionally, encryption stops hackers from accessing sensitive data like configuration files and other information stored on the ATM’s hard disk, which can be sold online. When combined with a thriving second-hand ATM components market, that information provides a test bed for producing malware.

The BIOS (basic input/output system) controls the hardware, booting the ATM and selecting the hard disk to boot from. If criminals access the BIOS, they can simply direct the ATM to boot from their own drive instead, bypassing the terminal’s software entirely. If a large fleet has many techs and other personnel involved in servicing and maintaining ATMs, and they all have access to the same passwords, there is more opportunity for this type of cyber-attack.

Your approach to locking down the BIOS should include comprehensive password management, with an eye on mitigating default or widely known passwords, randomizing passwords and providing techs with a temporary password that allows them to access the terminal during a specific window of time or for a specific purpose.
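One way to implement the randomized, time-limited technician passwords described above, as an added example that is not Diebold Nixdorf's code: a hypothetical management service derives each password with HMAC-SHA-256 from a fleet key, the terminal ID, the purpose and the current time window. The function names, the 4-hour window, the terminal IDs and the sample key are assumptions, and the service is assumed to set the derived password on the terminal and rotate it when the window ends.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone

WINDOW_SECONDS = 4 * 3600  # assumed length of one service window (4 hours)
SAMPLE_KEY = bytes(range(32))  # constructed demo key; use secrets.token_bytes(32) in practice


def window_index(when: datetime) -> int:
    """Number of whole service windows since the Unix epoch."""
    return int(when.timestamp()) // WINDOW_SECONDS


def service_password(key: bytes, terminal_id: str, purpose: str, when: datetime) -> str:
    """Derive a password bound to one terminal, one purpose and one time window."""
    msg = f"{terminal_id}|{purpose}|{window_index(when)}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.b32encode(digest[:10]).decode()  # 80 bits -> 16 characters


def verify(key: bytes, terminal_id: str, purpose: str, candidate: str, now: datetime) -> bool:
    """Accept the candidate only for this terminal, purpose and the current window."""
    expected = service_password(key, terminal_id, purpose, now)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, candidate.strip().upper())


if __name__ == "__main__":
    issued = datetime(2018, 10, 16, 8, 30, tzinfo=timezone.utc)  # constructed times
    expired = datetime(2018, 10, 16, 12, 30, tzinfo=timezone.utc)
    pw = service_password(SAMPLE_KEY, "ATM-0001", "disk-replacement", issued)
    print("issued:", pw)
    print("valid in window:", verify(SAMPLE_KEY, "ATM-0001", "disk-replacement", pw, issued))
    print("valid after window:", verify(SAMPLE_KEY, "ATM-0001", "disk-replacement", pw, expired))
```

Because no two terminals share a password and each one expires with its window, a password leaked by one technician is useless on other machines and on the same machine later.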

The Holistic Approach to ATM Security

Diebold Nixdorf is an advocate of a multi-layered, holistic approach to ATM security, one that acknowledges the shifting trends in attacks, and provides an ironclad foundation for success. Tighter password control, hard drive encryption, intrusion protection, security monitoring and as-a-service support can all help bridge the gaps in security across your self-service network.

Interested in learning more? Contact us about your network’s specific needs, and how we can help address the top priorities on your security roadmap. In the meantime, check out our recent podcast, “Security Management: A Changed Approach,” and subscribe to our channel, Commerce Now, for the latest in emerging trends and fintech conversations.