Thursday, January 21, 12:13
Home security Driver vulnerabilities make it easier to attack ATMs and PoS

Driver vulnerabilities make it easier to attack ATMs and PoS

According to security firm Eclypsium, vulnerabilities found in Driver programs can make it easier to attack ATM and machinery PoS.

driver

Eclypsium last year inspected 40 Driver programs from 20 different companies and identified serious vulnerabilities in them that could be exploited by hacker to install malware on them. And as the company found, Driver programs used by systems Windows, are the ones that the malicious agents take advantage of to attack ATM and PoS.

In recent years, a lot of news malware have emerged, including Skimer, Alice, CUTLET MAKER, Ploutus, Tyupkin, ATMJackpot, Suceful, RIPPER, WinPot, PRILEX, ATMii and GreenDispenser. Many of these malware allow their operators to carry out so-called "jackpotting" attacks, where the attacker instructs the targeted ATM to distribute cash.

Driver vulnerabilities could allow intruders to escalate and gain "deeper access" to the target system.

As an example, the security company presented a vulnerability it discovered in a Driver program on ATM Diebold Nixdorf. This program provides access to x86 I / O ports. A Driver that provides arbitrary access to input / output ports can be useful in the initial phases of an attack, as it could allow the intruder to gain access to PCI-connected devices, including external devices and the SPI controller, which provides access. in the firmware of the system.

Η vulnerability referred to the supplier, who released updates earlier this year to correct it. On the other hand, these types of security vulnerabilities can be dangerous for a long time, as it usually takes a long time for device manufacturers to release fixes due to compliance requirements.

For example in this case, h Eclypsium says that while her research was completed in May 2019, she could not disclose her findings so far. In addition, it may take a long time for updates to arrive on all end devices, which often still work with older operating systems such as Windows XP and Windows 7.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

QAnon fans: Disappointed on social media after Biden was sworn in

Some QAnon supporters have expressed frustration at online forums and chat rooms over Joe Biden's swearing-in. Most...

COVID-19: Amazon wants to help Biden distribute the vaccines

Amazon has offered to help President Biden distribute COVID-19 vaccines. The letter from Dave Clark, vice president ...

Nitro PDF: Leaked database with 77 million user files!

Hacker leaked on January 20 a stolen database containing email addresses, names and passwords for over ...

Hackers provide free online 2 million Pixlr user files!

Hackers have leaked 2 million Pixlr user files containing information that could then be used to execute ...
00:02:09

Donald Trump: Thanks to Lil Wayne, not to Julian Assange!

Outgoing US President Donald Trump will award today thanks to rapper Lil Wayne in a final wave of pardon that ...
00:02:28

NASA: Uses AI to locate new craters on Mars

https://www.youtube.com/watch?v=e8qCSD3fA50 Τα τελευταία 15 χρόνια, το Mars Reconnaissance Orbiter της NASA περιφέρεται γύρω από τον Άρη μελετώντας...

Windows 10: How to view recently installed updates

Microsoft frequently updates Windows 10, but it is not always clear when each update is installed. Fortunately, there are two easy ways ...

Lorex launches a bell with a 2K camera that detects faces

Lorex launches a new device for smart homes - the bell called "2K QHD Wired Video Doorbell with Person ...

Security awareness is not enough to deal with threats

Significant changes have been made in recent years in dealing with cyber threats. The human factor is now taken seriously in safety. For example,...

MeWe: Gained 2,5 million users in one week!

The social networking platform MeWe saw the number of its users increase significantly after the WhatsApp scandal.