As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, and apparently 95% of the world’s 3 million ATM machines run on it. Microsoft's decision to withdraw support for Windows XP poses a critical security threat to economic infrastructure worldwide.

MORE REASONS TO UPGRADE
Security researchers at antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP-based ATMs that allows them to withdraw cash simply by sending an SMS to compromised ATMs.
'What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time,' researchers said.

HARDWIRED Malware for ATMs
According to the researchers, in 2013 they detected malware named Backdoor.Ploutus installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just text messages.
To install the malware on an ATM, the hacker must connect the ATM to a mobile phone via USB tethering and then initiate a shared Internet connection, which can then be used to send specific SMS commands to the phone attached or hardwired inside the ATM.
'Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely.'
HOW-TO HACK ATMs
  • Connect a mobile phone to the machine with a USB cable and install the Ploutus malware.
  • The attacker sends two SMS messages to the mobile phone inside the ATM.
    • SMS 1 contains a valid activation ID to activate the malware
    • SMS 2 contains a valid dispense command to get the money out
  • The mobile phone attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
  • The network packet monitor (NPM) module coded in the malware receives the TCP/UDP packet and, if it contains a valid command, executes Ploutus.
  • The amount for cash withdrawal is pre-configured inside the malware.
  • Finally, the hacker can collect cash from the hacked ATM machine.
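
On the defending side, the USB tethering step described above is visible to the host, because the handset enumerates as a USB network adapter. The following added example (not from the original article or from Symantec) flags such devices in a USB inventory; the record fields, the allowlist and all VID/PID values are constructed assumptions.

```python
import re

# Constructed allowlist: (VID, PID) of peripherals this hypothetical ATM build ships with.
EXPECTED_DEVICES = {("1111", "0001"), ("1111", "0002")}
# USB (class, subclass, protocol) values that give the host a network link; None = any protocol.
NETWORK_FUNCTIONS = {
    ("E0", "01", "03"): "RNDIS",
    ("EF", "04", "01"): "RNDIS over Ethernet",
    ("02", "06", None): "CDC Ethernet (ECM)",
    ("02", "0D", None): "CDC NCM",
}
HWID_RE = re.compile(r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", re.I)
CLASS_RE = re.compile(r"USB\\Class_([0-9A-F]{2})&SubClass_([0-9A-F]{2})&Prot_([0-9A-F]{2})", re.I)

def network_function(compatible_ids):
    """Return the name of the first network-capable USB function, or None."""
    for cid in compatible_ids:
        m = CLASS_RE.match(cid)
        if not m:
            continue  # compatible IDs without a protocol field are too coarse to classify
        cls, sub, prot = (g.upper() for g in m.groups())
        for (c, s, p), name in NETWORK_FUNCTIONS.items():
            if (c, s) == (cls, sub) and p in (None, prot):
                return name
    return None

def audit(devices):
    """Return (description, severity, reason) for every device that needs review."""
    findings = []
    for dev in devices:
        m = HWID_RE.match(dev["hardware_id"])
        vid_pid = tuple(g.upper() for g in m.groups()) if m else None
        net = network_function(dev["compatible_ids"])
        if net:
            # A tethered phone appears as a USB network adapter; alert even if allowlisted.
            findings.append((dev["description"], "high", f"network-capable USB function: {net}"))
        elif vid_pid not in EXPECTED_DEVICES:
            findings.append((dev["description"], "medium", "device not on allowlist"))
    return findings

# Constructed inventory records; the field names are assumptions, not a real tool's output.
SAMPLE_INVENTORY = [
    {"description": "card reader", "hardware_id": r"USB\VID_1111&PID_0001&REV_0100",
     "compatible_ids": [r"USB\Class_0B&SubClass_00&Prot_00"]},
    {"description": "unknown keyboard", "hardware_id": r"USB\VID_2222&PID_0010",
     "compatible_ids": [r"USB\Class_03&SubClass_01&Prot_01"]},
    {"description": "tethered handset", "hardware_id": r"USB\VID_3333&PID_0020",
     "compatible_ids": [r"USB\Class_E0&SubClass_01&Prot_03", r"USB\Class_E0&SubClass_01"]},
]
if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```
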
Researchers have detected a few more advanced variants of this malware; some attempt to steal customer card and PIN data, while others attempt man-in-the-middle attacks.
This malware is now spreading to other countries, so you are advised to pay extra attention and remain cautious while using an ATM.


An ATM machine is where the moolah is. If you ever thought of getting your hands on the money in an ATM, this is how you need to channelise your thoughts.

First of all, there is no easy way to hack an ATM machine. With a growing number of banks and their customers, ATM networks are growing. And they are becoming increasingly tough to hack. The most common ATMs these days are Wincor Nixdorf ATM, Diebold ATM and Defcon ATM.

Second, don’t be bemused by arbitrary ATM hack tricks like:

  • Hacking ATM using SIM card
  • ATM hacking through USB drive
  • Hacking ATM using a card with blank strip
  • Hacking ATM using mobile phone, through some App

These tricks are bogus and are worthy only to be shared as WhatsApp forward jokes.

To become a serious hacker, you first of all need to get your hands on the right tools. A hacker is always known by the tools he uses. These tools constitute a combination of the right hardware (card, card writer, etc.) and the right mindset.

Network Approach – A slightly older yet popular way for hackers was to interrupt the X.25 network with a MITM (Man In The Middle) hack. This hack essentially makes the ATM understand that it has received authorization to dispense money at the request of the hacker. The ATM has to be working on an X.25 network for this hack to succeed.

Card skimmers – This is a physical method. The most common and simple method to hack an ATM is to use a card skimmer tool. These are usually a combination of a card reader (intelligently installed onto the ATM’s card slot) along with a keypad (placed over the ATM’s keypad). As soon as the card is dipped into the slot on the ATM, the card reader records the card details and the key presses are logged by the skimmer keypad. Then you can write the skimmed card details onto a blank card and get a clone of the original ATM card. This clone card would work on any ATM and get you all the cash in the victim’s bank account.

ATM master key – This method grants you access to the ATM’s maintenance mode, where you can withdraw funds from the ATM by manipulating the ATM software. And no one’s account would get debited (other than the target bank). This method can be used to withdraw cash from the ATM without actually meddling with the machine or causing any damage. One needs to visit the target ATM first to check the manufacturer and model details. Once you have them, just go to eBay or Alibaba and find the suitable ATM maintenance master key. The master key will lead you to the motherboard of the ATM, where you can plug in the update USB key and withdraw all the cash in the machine.

Additionally, there are other remote ATM hacking tools (Dillinger) and rootkits (Scrooge) which can be downloaded and used at the ATM.

sohogenerous – 2019