[Aug 11, 2018]
Researchers have disclosed the details of two serious vulnerabilities affecting ATM currency dispensers made by NCR (ATM machine Parts).
The flaws have been patched, but they could have been exploited to install outdated firmware and get ATMs to dispense cash.
The method, which the researchers described as a “logical attack,” requires physical access to the targeted device. In this particular case, an attacker could have leveraged the poor physical security of the targeted dispenser controller to connect to it, install vulnerable firmware, and issue commands that would instruct the machine to dispense cash.
The researchers notified NCR of their findings and the vendor released critical firmware updates in February that should provide better protection against such attacks.
Cyber Security Tips: (For Using ATM)
- Don’t write down your PIN number anywhere, at least not on your ATM card. Memorize it.
- Do not use the ATM where the card reader appears to be tampered with, broken, scratched, damaged, sticky with glue, has extra wiring or loose parts around the slot, difficulty in inserting the card etc. These could be signs of skimming machine having been installed.
- If there are people around, make sure that you shield your hand while entering your PIN.
- Register yourself for SMS alert whenever your account is accessed.
- Change your PIN numbers as often as convenient.