Friday, March 07, 2008

ATM + Microsoft Windows = Security Problem

I already suspected that using Windows on an ATM machine was not a good idea. But recent security tests proved that Windows-based cash machines are easily hacked.

Security experts have hacked ATMs to show how easy it is to steal money and bank account details from modern cash machines.

Network Box illustrated this threat by showing that only the personal identification number was encrypted when information was sent from a U.S. ATM to networked bank computers. The card numbers, card expiration dates, transaction amounts, and account balances were clearly readable in plain text to anybody intercepting the data as it traveled through the network.

Since ATM Machines are basically equivalent to desktop PCs (they usually are based on Intel hardware and Windows operating systems), they have the same vulnerabilities as a normal house computer. That is, an exploit that works on a home or office computer, will also work on these ATMs. In fact, the risk may even be greater as the update process of such machines may not be as frequent as in a normal user's computer.

No comments: