Vulnerable USB drivers exist in pretty much every OS. For example, here's a vulnerable USB driver under Linux: https://labs.mwrinfosecurity.com/system/assets/153/original/... , and a vulnerability in the FAT filesystem: http://people.canonical.com/~ubuntu-security/cve/2013/CVE-20... . Those were found with real simple googling, I could find others with a tiny bit more work. Unfortunately, most kernel development teams do not spend anywhere near the time they should ensuring that the code they write is hardened and modular, so such attacks will only continue until we demand better development hygiene.
"a cyberattacker must connect the ATM to a mobile phone via USB tethering"
I've never seen ATMs (at least here in Switzerland) which you could just walk up to and plug in a USB device. Do Mexican ATMs come with USB ports on the front of the device?!
There was an article on here recently about a technique using this attack. Transpires that the usb port is under the cover at the front of the device, you just need to know where to cut the hole.
The most wonderful part is that whoever wrote the software had the insight to add a phone verification step so other crooks couldn't run off with their software.
I remember from seeing a vandalised ATM (La Poste I think?) that the keypad was connected with what looked like that same 5 pin connectors you see on internal USB interfaces.
If that's the case, I imagine that yes, you could just walk up, remove keyboard, connect trojan device + mini usb hub, reconnect and replace keyboard then walk off. If space is an issue then one of those micro usb to bluetooth relay thingies and keep the trojan device out.
Then again, that was 5+ years ago and it could just as easily have been some other type of connector altogether vOv
So it's not as easy as walking into your bank, sending a text message to the ATM and walking out with a lot of free money.
You actually need physical access to a USB port of the ATM which is hidden somewhere inside. So I guess the hack here is that the money inside an ATM is very well hidden and even protected by exploding paint barrels so it cannot normally be stolen even with physical access for a long period of time. But it is possible to get the Windows XP based software to dispense money from the safe by injecting a trojan through USB.
Unfortunately, the article does not make that very clear.
Also you have to get to an USB port, seems like attackers know for some ATMs where to cut a hole in for that. But the real problem is that the machine isn't isolated well enough through hardware design. Just imagine you could access and replace the HDD. While it may use an XP exploit, that's not the real problem.
Since the life time end of normal XP (not even the embedded version), those "XP will doom our money" news spawn everywhere for no good reason.
Would be interesting to see if NSA mounted those hardware exploits in ATMs, that would mean that you just need proximity to the ATMs. Or to think even bigger what if those trading robots hardware have those exploits?
NSA already affected the Web giants and Internet Security. If technical details on those hardware exploits, leak and make their way to a restricted few or the public then financial hardware is at risk and with it the financial industry.
With Russia having Snowden, I think those US bonds are not the only way that could inflict some damage.
I was discussing this the other day with my friend. To the best of my knowledge (and please, if you know better then let me know) these attacks are only effective against the portable ATM machines like you'd find in small shops rather than "fixed installations".
As much as windows XP probably makes barriers to entry easier (well, that combined with generic locks) is this really much different to what Barnaby Jack was doing back in 2010 at Defcon[1]?
17 comments
[ 4.6 ms ] story [ 50.7 ms ] threadI've never seen ATMs (at least here in Switzerland) which you could just walk up to and plug in a USB device. Do Mexican ATMs come with USB ports on the front of the device?!
Don't forget:
"Law 3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore." http://technet.microsoft.com/en-us/magazine/2008.10.security...
EDIT: Found it. https://news.ycombinator.com/item?id=6984821
The most wonderful part is that whoever wrote the software had the insight to add a phone verification step so other crooks couldn't run off with their software.
Popping in one of these can not be that hard. http://www.newegg.com/Product/Product.aspx?Item=N82E16833320...
If that's the case, I imagine that yes, you could just walk up, remove keyboard, connect trojan device + mini usb hub, reconnect and replace keyboard then walk off. If space is an issue then one of those micro usb to bluetooth relay thingies and keep the trojan device out.
Then again, that was 5+ years ago and it could just as easily have been some other type of connector altogether vOv
[✓] Trojan horse in physical, symbolic, form.
[✓] Fluffy cloud to represent network "stuff".
[✓] Shopping cart full o' ca$h.
You actually need physical access to a USB port of the ATM which is hidden somewhere inside. So I guess the hack here is that the money inside an ATM is very well hidden and even protected by exploding paint barrels so it cannot normally be stolen even with physical access for a long period of time. But it is possible to get the Windows XP based software to dispense money from the safe by injecting a trojan through USB.
Unfortunately, the article does not make that very clear.
Since the life time end of normal XP (not even the embedded version), those "XP will doom our money" news spawn everywhere for no good reason.
TL;DR: It's primary a hardware design issue.
NSA already affected the Web giants and Internet Security. If technical details on those hardware exploits, leak and make their way to a restricted few or the public then financial hardware is at risk and with it the financial industry.
With Russia having Snowden, I think those US bonds are not the only way that could inflict some damage.
As much as windows XP probably makes barriers to entry easier (well, that combined with generic locks) is this really much different to what Barnaby Jack was doing back in 2010 at Defcon[1]?
[1] http://www.youtube.com/watch?v=bidDXuM4-2E