Angry Birds on a hacked ATM! Must see!

[video_embed maxwidth="700"][/video_embed]

I would guess the ATM got hacked using an exploit stored on the card itself. In this case, whoever allowed unrestricted / unsigned / any code to run on an ATM needs to get fired immediately. I just can’t believe they have not even bothered enabling application whitelisting using a simple group policy / domain policy setting.

The second video is worth watching as well:

[video_embed maxwidth="700"][/video_embed]

Is your average ATM affected? You’re damn right it is. I haven’t seen a single sane, INFOSEC-aware bank that has implemented proper security measures on its cash machines. It’s sad, but true.

If you are working at a bank:

  1. Implement proper OS hardening. What were all these files doing on the drive? cmd.exe and the on-screen keyboard, among hundreds of others, should not even be present on the drive!
  2. Implement proper policies (be it local or domain). Do not allow unsigned / unknown applications to run.
  3. Uninstall the Flash / Java plugins from the browser and / or uninstall any browsers present. If you need them – bring them on a flash drive when doing maintenance or access them remotely from a network drive / share.
  4. Run the machine as Guest during normal operation, or at least as a limited user?
  5. Maybe, try *THINKING* next time you try setting up an ATM?
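
A read-only audit of items 1 to 4 above, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and should be run under the account the ATM application uses; the function name, the tool list beyond cmd.exe and osk.exe, and the Flash/Java install paths are assumptions to adapt to your image.

```powershell
# Added example: checks a Windows ATM/kiosk image against the checklist above.
# It only reads state; it changes nothing on the machine.
function Test-AtmHardening {
    param(
        # Tools named in the post; extend with whatever else your image should not ship.
        [string[]]$ForbiddenTools = @('cmd.exe', 'osk.exe')
    )
    $results = @()

    # Item 1: interactive tools should not be present on the drive at all.
    foreach ($tool in $ForbiddenTools) {
        $path = Join-Path $env:SystemRoot "System32\$tool"
        $results += [pscustomobject]@{ Check = "Absent: $tool"; Pass = -not (Test-Path $path) }
    }

    # Item 2: executables must be default-deny, via AppLocker or Software Restriction Policies.
    $appLocker = $false
    if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
        $exe = (Get-AppLockerPolicy -Effective).RuleCollections |
            Where-Object { $_.RuleCollectionType -eq 'Exe' }
        # Conservative choice: 'AuditOnly' only logs, so only an explicit 'Enabled' passes.
        $appLocker = [bool]($exe | Where-Object { $_.EnforcementMode -eq 'Enabled' })
    }
    $srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $srp = Get-ItemProperty -Path $srpKey -Name DefaultLevel -ErrorAction SilentlyContinue
    # DefaultLevel 0 = Disallowed (default-deny); 0x40000 = Unrestricted.
    $srpDeny = ($null -ne $srp) -and ($srp.DefaultLevel -eq 0)
    $results += [pscustomobject]@{ Check = 'Application whitelisting enforced'; Pass = ($appLocker -or $srpDeny) }

    # Item 3: Flash and Java runtimes (default install locations, an assumption).
    $plugins = @("$env:SystemRoot\System32\Macromed\Flash", "$env:ProgramFiles\Java")
    $results += [pscustomobject]@{ Check = 'No Flash/Java runtime'; Pass = -not ($plugins | Where-Object { Test-Path $_ }) }

    # Item 4: the session must not hold administrator rights.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $results += [pscustomobject]@{ Check = 'Running as limited user'; Pass = -not $isAdmin }

    return $results
}

Test-AtmHardening | Format-Table -AutoSize
```

Any row with `Pass` set to `False` is a gap against the list above; a passing whitelisting row still needs its rules reviewed, since the script checks enforcement mode and not rule quality.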

 

 

About the Author

Alexander Sverdlov

Alexander Sverdlov is the founder of NoPasara, author of numerous Information Security papers and articles published in CIO and other InfoSec magazines, and a speaker at the largest Russian INFOSEC Conference - PHDays. Certifications: CEH (Certified Ethical Hacker), CHFI (Certified Hacking Forensic Investigator), MCSE (Microsoft Certified Systems Engineer).