
2 ATM Manufacturers Patch Vulnerabilities

Diebold Nixdorf and NCR Say Unpatched Flaws Could Permit Deposit Forgery

Diebold Nixdorf and NCR have issued patches for ATM software vulnerabilities that could enable a hacker with physical access to the devices to commit deposit forgery, according to the Carnegie Mellon University CERT Coordination Center.


Diebold Nixdorf has patched the software in its 2100xe USB ATM to fix CVE-2020-9062, while NCR has patched APTRA XFS versions 04.02.01 and 05.01.00, the software used in the company's SelfServ ATMs, to fix three vulnerabilities.

Potential Pathway to Theft

The Diebold Nixdorf and NCR vulnerabilities, if exploited, could allow a hacker to intercept communications between various device modules and falsely increase the amount of money being deposited, according to a CERT alert.

To steal money, a hacker would need to complete several steps, starting with opening the ATM to reach its internal components and the communications link between them, the alert explains.

Then, the hacker would deposit currency and modify the messages sent from the Cash/Check Deposit Module, or CCDM, to the host computer so that they report a greater amount or value than was actually deposited. Finally, the hacker would withdraw the artificially inflated balance.

Issues in Diebold Nixdorf ATMs

Diebold Nixdorf ATMs running Probase version 1.1.30 are susceptible to CVE-2020-9062, according to the alert. The issue is a lack of encryption, authentication and integrity verification in the communications between the CCDM and the host computer.

"An attacker with physical access to internal ATM components can intercept and modify messages, such as the amount and value of currency being deposited, and send modified messages to the host computer," the alert states.

Diebold Nixdorf recommends that ATM owners immediately update the software to apply the patch. It also recommends limiting physical access to the ATM's internal components, adjusting the business logic that governs deposit transactions and implementing fraud monitoring.

NCR ATM Vulnerabilities

NCR's SelfServ ATMs using APTRA XFS 04.02.01 and 05.01.00 software are susceptible to similar attacks due to three flaws, the alert states.

  • The software does not encrypt, authenticate or verify the integrity of messages between the bunch note acceptor, or BNA, and the host computer.
  • The 512-bit RSA certificates used to validate BNA software updates in the ATM can be broken by a hacker, enabling execution of arbitrary code.
  • The software does not properly validate updates for the BNA.

"An attacker with physical access to internal ATM components can restart the host computer. During boot, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive. This allows an attacker to execute arbitrary code with system privileges," the alert says.

Obtaining the money from a hacked NCR ATM requires a process similar to that used for the Diebold Nixdorf machines.
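The deposit-forgery pathway described above, for both the Diebold Nixdorf CCDM link and the NCR BNA link, comes down to one thing: the host computer credits a deposit report that nothing authenticates. The following Python simulation is an added example, not code from either vendor or from the CERT/CC alert. The wire framing (length prefix plus JSON body), the message fields, the DEVICE_KEY and all function names are assumptions made for illustration; the real module-to-host protocols are not described in the alert. It shows a naive host crediting whatever amount an attacker rewrites in transit, then a hardened link that rejects both the modified report and a replay of a genuine one.

```python
"""Constructed simulation of an ATM deposit-module to host link (not a real ATM protocol)."""
import hashlib
import hmac
import json
import struct
from typing import Optional

# Constructed per-device secret; in a real deployment this would live in a
# hardware-protected store on both the deposit module and the host.
DEVICE_KEY = b"constructed-example-key-do-not-reuse"

TAG_LEN = hashlib.sha256().digest_size


def build_plain_report(seq: int, amount_cents: int, currency: str) -> bytes:
    """Vulnerable framing: 4-byte big-endian length, then a JSON body, no MAC."""
    body = json.dumps(
        {"seq": seq, "amount_cents": amount_cents, "currency": currency}, sort_keys=True
    ).encode()
    return struct.pack(">I", len(body)) + body


def host_parse_plain(frame: bytes) -> dict:
    """Vulnerable host: trusts the body as received."""
    (n,) = struct.unpack(">I", frame[:4])
    return json.loads(frame[4:4 + n])


def tamper(frame: bytes, new_amount_cents: int) -> bytes:
    """Attacker with physical access to the link: rewrite the amount field and
    forward the frame, keeping any bytes after the body (a now-stale MAC) unchanged."""
    (n,) = struct.unpack(">I", frame[:4])
    body = json.loads(frame[4:4 + n])
    trailer = frame[4 + n:]
    body["amount_cents"] = new_amount_cents
    new_body = json.dumps(body, sort_keys=True).encode()
    return struct.pack(">I", len(new_body)) + new_body + trailer


class AuthenticatedLink:
    """Hardened variant: HMAC-SHA256 over the body with a per-device key, plus a
    strictly increasing sequence number so a captured genuine report cannot be replayed."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_seq = 0  # host-side replay state

    def sign(self, seq: int, amount_cents: int, currency: str) -> bytes:
        body = json.dumps(
            {"seq": seq, "amount_cents": amount_cents, "currency": currency}, sort_keys=True
        ).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return struct.pack(">I", len(body)) + body + tag

    def verify(self, frame: bytes) -> Optional[dict]:
        """Return the parsed report only if the MAC is valid and the sequence is fresh."""
        if len(frame) < 4:
            return None
        (n,) = struct.unpack(">I", frame[:4])
        body, tag = frame[4:4 + n], frame[4 + n:]
        if len(body) != n or len(tag) != TAG_LEN:
            return None  # truncated or malformed frame
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit, or forged without the key
        msg = json.loads(body)
        if msg["seq"] <= self._last_seq:
            return None  # replay of an already-credited report
        self._last_seq = msg["seq"]
        return msg


def demo() -> dict:
    """Run the attack against both the vulnerable and the hardened host."""
    plain = build_plain_report(seq=1, amount_cents=2000, currency="USD")
    naive_credit = host_parse_plain(tamper(plain, 200000))["amount_cents"]

    link = AuthenticatedLink(DEVICE_KEY)
    genuine = link.sign(seq=1, amount_cents=2000, currency="USD")
    accepted = link.verify(genuine)
    replayed = link.verify(genuine)
    forged = link.verify(tamper(link.sign(seq=2, amount_cents=2000, currency="USD"), 200000))
    return {
        "naive_host_credits_cents": naive_credit,
        "authenticated_host_credits_cents": accepted["amount_cents"] if accepted else None,
        "replay_accepted": replayed is not None,
        "forgery_accepted": forged is not None,
    }


if __name__ == "__main__":
    print(demo())
```

A MAC only gives the host integrity and origin authentication; the alert also faults the absence of encryption, so a production link would additionally encrypt the channel. The scheme also only holds if the key cannot be read out by the same attacker who already has the cabinet open, which is why Diebold Nixdorf's other recommendations (limiting physical access, deposit business logic and fraud monitoring) remain relevant even after patching.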

To fix all three issues, the CERT Coordination Center recommends that ATM owners immediately update the NCR SelfServ software to APTRA XFS version 06.08, which includes the patches.

Another Vulnerability

Earlier, Diebold Nixdorf reported that some of its ATMs were targeted by "jackpotting" or "cash-out" incidents in several European countries.

The company reported that its ProCash 2050ex ATMs located outdoors were vulnerable to an attack called "black box" (see: Diebold Nixdorf: ATMs in Europe Hacked).


About the Author

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters, he put in a stint in broadcast journalism with a business channel, where he helped produce multimedia content and daily market shows. Rautmare is a keen follower of geopolitical news and defense technology in his free time.

