funsec mailing list archives

Re: Operating System in US ATMs


From: "Vitaly McLain" <vitaly.mclain () gmail com>
Date: Tue, 3 Jun 2008 22:11:15 -0400

There's really a plethora of operating systems to be found on ATMs.
Many older ones are just CICS screens or similar. OS/2 was also very
popular, but as mentioned, Windows XP is taking over. In internal
penetration tests, it's not uncommon to compromise a Diebold ATM
because they often lack patches for common vulnerabilities, such as
NetAPI. That's scary, but then again there are a lot of hurdles to
clear before you can make this access useful. You have to be on the
internal network first, then you have to find a way to read inputted
information (I believe PIN pads are encrypted at some point?), etc.
Certainly possible, but it's not low-hanging fruit -- especially when
stand-alone ATMs like Triton and Tranax can often be easily
cleaned out with a pre-paid debit card, the right button combo on the
keypad and a default password.

vitaly
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

