Attackers began to drill holes into ATM's last year. For example, in autumn 2016 Vice - Chairman of the Russian bank Sberbank Stanislav Kuznetsov told reporters that the scammers have adopted new technique "drilled box". "Hackers first drill a hole in the ATM and then connect cable. By using cable attackers can immediately siphoned off money," he explained.
Of course security specialists at Kaspersky notice this new attack. At the conference "Security Analyst Summit" researchers from "Kaspersky Lab" talked about this technique in more detail. This method is more easier unlike complex and large-scale Malware campaigns that include compromising the networks of banks and infecting ATMs. The attacker need only powerful drill and custom gadget assembled for $15, which will give command to dispenser of the ATM.
The experts did not say the names of the affected banks and models of ATMs. However, it is known that the ATMs were drilled not only in Russia, but also in Europe.
The investigation by "Kaspersky Lab" began when the representatives of an unnamed Bank detected the hole in robbed by hackers ATM and addressed called the specialists. The device was completely whole and safe. But it was the hole with size of a Golf ball, which was drilled next to the keyboard, and then masked with a sticker. When the number of such robberies has exceeded ten, the police arrested the suspect and seized his laptop and cable that he used for hacking.
"We were wondering how it is possible to control the ATM by drilling one hole and plugging single cable? It turned out that in this way you can perform anything", — said Igor Soumenkov.
For testing professionals taken the same ATM, which was compromised by the attackers. It is old model, used since the 1990-s. After removing the front panel of the device, the experts found the serial port that was available through the drilled hole. Through this port it is possible to access the internal cable of the ATM and have ability to control the dispenser, user interface and so on.
Researchers spent five weeks to decode the Protocol of internal communication of the ATM with the help of logic analyzer and oscilloscope. In the end it turned out that authentication between the various modules of the ATMs can not exist and the ATMs use weak XOR code, which is quite easy to crack. With this knowledge the researchers were able to build their own device for hacking.
The device cost to the experts just $ 15. It consisted of a breadboard, microcontroller Atmega (can be found in microcomputers Arduino), condensers, adapter and battery at 9 volts. The researchers successfully reproduced the attack.
As it turned out, the attack speed is limited. After some time the ATM started notice that the dispenser worked incorrectly, and ATM rebooted. However, until then the device anyway gives to attackers few thousand dollars. In addition, the attacker usually can repeat the attack several times.
The specialists of "Kaspersky Lab" note that the manufacturers of the vulnerable devices are already aware of the problem, but it's not so easy to fix it. To upgrade ATMs on-line in this case is impossible, and therefore, is either to change in vulnerable ATM hardware or add new physical protection such as security cameras and limits access to shell of ATM.
It is worth noting that according to European ATM Security Team (EAST) physical attacks on ATMs are not just a problem, but the number of such attacks is growing steadily. For example, according to the report of the group for the first six months of 2016 year 492 cases of ATM's hacking for stealing money were recorded . For comparison, over the same period in 2015 year, the ATM hacking was only 273 times.
Of course security specialists at Kaspersky notice this new attack. At the conference "Security Analyst Summit" researchers from "Kaspersky Lab" talked about this technique in more detail. This method is more easier unlike complex and large-scale Malware campaigns that include compromising the networks of banks and infecting ATMs. The attacker need only powerful drill and custom gadget assembled for $15, which will give command to dispenser of the ATM.
The experts did not say the names of the affected banks and models of ATMs. However, it is known that the ATMs were drilled not only in Russia, but also in Europe.
The investigation by "Kaspersky Lab" began when the representatives of an unnamed Bank detected the hole in robbed by hackers ATM and addressed called the specialists. The device was completely whole and safe. But it was the hole with size of a Golf ball, which was drilled next to the keyboard, and then masked with a sticker. When the number of such robberies has exceeded ten, the police arrested the suspect and seized his laptop and cable that he used for hacking.
"We were wondering how it is possible to control the ATM by drilling one hole and plugging single cable? It turned out that in this way you can perform anything", — said Igor Soumenkov.
For testing professionals taken the same ATM, which was compromised by the attackers. It is old model, used since the 1990-s. After removing the front panel of the device, the experts found the serial port that was available through the drilled hole. Through this port it is possible to access the internal cable of the ATM and have ability to control the dispenser, user interface and so on.
Researchers spent five weeks to decode the Protocol of internal communication of the ATM with the help of logic analyzer and oscilloscope. In the end it turned out that authentication between the various modules of the ATMs can not exist and the ATMs use weak XOR code, which is quite easy to crack. With this knowledge the researchers were able to build their own device for hacking.
The device cost to the experts just $ 15. It consisted of a breadboard, microcontroller Atmega (can be found in microcomputers Arduino), condensers, adapter and battery at 9 volts. The researchers successfully reproduced the attack.
As it turned out, the attack speed is limited. After some time the ATM started notice that the dispenser worked incorrectly, and ATM rebooted. However, until then the device anyway gives to attackers few thousand dollars. In addition, the attacker usually can repeat the attack several times.
The specialists of "Kaspersky Lab" note that the manufacturers of the vulnerable devices are already aware of the problem, but it's not so easy to fix it. To upgrade ATMs on-line in this case is impossible, and therefore, is either to change in vulnerable ATM hardware or add new physical protection such as security cameras and limits access to shell of ATM.
It is worth noting that according to European ATM Security Team (EAST) physical attacks on ATMs are not just a problem, but the number of such attacks is growing steadily. For example, according to the report of the group for the first six months of 2016 year 492 cases of ATM's hacking for stealing money were recorded . For comparison, over the same period in 2015 year, the ATM hacking was only 273 times.