- Joined
- May 15, 2016
- Messages
- 14,204
- Likes
- 2,643
- Points
- 1,730
To exploit the vulnerabilities, an attacker needs physical access to the internal components of the ATM.
ATM manufacturers Diebold Nixdorf and NCR have eliminated a number of vulnerabilities in their products, which provided the ability to execute arbitrary code with or without SYSTEM-level rights, as well as carry out illegal cash withdrawals using special commands.
As explainedSpecialists from the CERT team at Carnegie Mellon University, the first vulnerability (CVE-2020-9062) affected Diebold Nixdorf ProCash 2100xe ATMs running on Wincor Probase version 1.1.30. The problem was the lack of a mechanism for encryption, authentication, and message integrity between the CCDM cassette module and the host. As a result, an attacker with physical access to an ATM could intercept and modify messages, for example, about the amount and denomination of funds, and send them to the computer.
A similar vulnerability (CVE-2020-10124) has been discoveredat NCR SelfServ ATMs using APTRA XFS software 04.02.01 and 05.01.00. As in the case described above, the software does not encrypt, authenticate or check the integrity of messages between the bill acceptor (BNA) and the computer.
Two other vulnerabilities (CVE-2020-10125 and CVE-2020-10126) relate to incorrect implementation of certificates for checking BNA updates and incorrect checking of BNA updates, which allowed code to be executed on a host with or without system privileges.
To exploit the vulnerabilities, an attacker needs physical access to the internal components of the ATM.
At the end of July, Diebold Nixdorf announced a new type of black box attacks on ATMs, in which attackers used a copy of the ATM's firmware to interact with the device.
__________________
ATM manufacturers Diebold Nixdorf and NCR have eliminated a number of vulnerabilities in their products, which provided the ability to execute arbitrary code with or without SYSTEM-level rights, as well as carry out illegal cash withdrawals using special commands.
As explainedSpecialists from the CERT team at Carnegie Mellon University, the first vulnerability (CVE-2020-9062) affected Diebold Nixdorf ProCash 2100xe ATMs running on Wincor Probase version 1.1.30. The problem was the lack of a mechanism for encryption, authentication, and message integrity between the CCDM cassette module and the host. As a result, an attacker with physical access to an ATM could intercept and modify messages, for example, about the amount and denomination of funds, and send them to the computer.
A similar vulnerability (CVE-2020-10124) has been discoveredat NCR SelfServ ATMs using APTRA XFS software 04.02.01 and 05.01.00. As in the case described above, the software does not encrypt, authenticate or check the integrity of messages between the bill acceptor (BNA) and the computer.
Two other vulnerabilities (CVE-2020-10125 and CVE-2020-10126) relate to incorrect implementation of certificates for checking BNA updates and incorrect checking of BNA updates, which allowed code to be executed on a host with or without system privileges.
To exploit the vulnerabilities, an attacker needs physical access to the internal components of the ATM.
At the end of July, Diebold Nixdorf announced a new type of black box attacks on ATMs, in which attackers used a copy of the ATM's firmware to interact with the device.
__________________