Sunday, July 5, 17:05
Home security Driver vulnerabilities make it easier to attack ATMs and PoS

Driver vulnerabilities make it easier to attack ATMs and PoS

According to security firm Eclypsium, vulnerabilities found in Driver programs can make it easier to attack ATM and machinery PoS.

driver

Eclypsium last year inspected 40 Driver programs from 20 different companies and identified serious vulnerabilities in them that could be exploited by hacker to install malware on them. And as the company found, Driver programs used by systems Windows, are the ones that the malicious agents take advantage of to attack ATM and PoS.

In recent years, a lot of news malware have emerged, including Skimer, Alice, CUTLET MAKER, Ploutus, Tyupkin, ATMJackpot, Suceful, RIPPER, WinPot, PRILEX, ATMii and GreenDispenser. Many of these malware allow their operators to carry out so-called "jackpotting" attacks, where the attacker instructs the targeted ATM to distribute cash.

Driver vulnerabilities could allow intruders to escalate and gain "deeper access" to the target system.

As an example, the security company presented a vulnerability it discovered in a Driver program on ATM Diebold Nixdorf. This program provides access to x86 I / O ports. A Driver that provides arbitrary access to input / output ports can be useful in the initial phases of an attack, as it could allow the intruder to gain access to PCI-connected devices, including external devices and the SPI controller, which provides access. in the firmware of the system.

Η vulnerability referred to the supplier, who released updates earlier this year to correct it. On the other hand, these types of security vulnerabilities can be dangerous for a long time, as it usually takes a long time for device manufacturers to release fixes due to compliance requirements.

For example in this case, h Eclypsium says that while her research was completed in May 2019, she could not disclose her findings so far. In addition, it may take a long time for updates to arrive on all end devices, which often still work with older operating systems such as Windows XP and Windows 7.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Bitcoin scam attracts people with "bait" celebrities!

A bitcoin multi-stage scam exposed and used personally identifiable information (PII) to deceive users by prompting them to sign up for a ...

iPhone: What to do to boost your security?

One of the most important features of iOS is security. Rarely does a malicious application pass to ...

COVID-19: New research looks for antibodies in blood donors

The American Red Cross is examining the blood that has come from donations, and is looking for COVID-19 antibodies that will give it ...

Digital Transformation and Business: What Does Its Failure Mean?

Digital transformation is usually a way for businesses to outperform their competitors and get rid of methods that ...

Covaxin: India releases COVID-19 vaccine in August

The whole planet is waiting for the release of the vaccine for coronavirus, while clinical trials have begun in many countries around the world ....

iOS 13.5.1: iPhone users report battery issues

Have you noticed any changes to your iPhone lately? Maybe, for example, the battery runs out quickly ...

Avaddon ransomware: Attacks through Excel 4.0 macros

Microsoft announced yesterday that Avaddon ransomware spread this week through an old technique that came to the fore again. The...

Apple: Prohibits updating Chinese Apps without permission

Apple is banning developers from updating existing apps in China's App Store if they don't have government approval.

Australia: Thousands of MyGov accounts are sold on the Dark Web

Access to more than 3600 MyGov accounts is being sold on the dark web, potentially exposing thousands of Australians to fraud and identity theft.
00:03:03

Party Time: Watch TV with your friends online

Party Time: Watch TV with your friends on the internet Time for a different party than you are used to, watching your favorite ...