funsec mailing list archives
Re: Operating System in US ATMs
From: "Vitaly McLain" <vitaly.mclain () gmail com>
Date: Tue, 3 Jun 2008 22:11:15 -0400
There's really a plethora of operating systems to be found on ATMs. Many older ones are just CICS screens or similar. OS/2 was also very popular, but as mentioned, Windows XP is taking over. In internal penetration tests, it's not uncommon to compromise a Diebold ATM because they often lack patches for common vulnerabilities, such as NetAPI. That's scary, but then again there are a lot of hurdles to clear before you can make this access useful. You have to be on the internal network first, then you have to find a way to read inputted information (I believe pin-pads are encrypted at some point?), etc. Certainly possible, but it's not low hanging fruit -- especially when stand-alone ATMs like Triton and Tranax can often be easily cleaned-out with a pre-paid debit card, the right button combo on the keypad and a default password. vitaly _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Operating System in US ATMs Bruce Ediger (Jun 03)
- Re: Operating System in US ATMs Kyle C. Quest (Jun 03)
- Re: Operating System in US ATMs Alex Eckelberry (Jun 03)
- Re: Operating System in US ATMs Vitaly McLain (Jun 04)
- Re: Operating System in US ATMs Predrag Ivanovic (Jun 04)
- Re: Operating System in US ATMs Alex Eckelberry (Jun 03)
- <Possible follow-ups>
- Re: Operating System in US ATMs Juha-Matti Laurio (Jun 05)
- Message not available
- Re: Operating System in US ATMs Kevin McAleavey (Jun 05)
- Message not available
- Re: Operating System in US ATMs Gary Warner (Jun 06)
- Re: Operating System in US ATMs Kyle C. Quest (Jun 03)