Last year, Eclypsium inspected 40 drivers from 20 different companies and identified serious vulnerabilities in them that hackers could exploit to install malware. As the company found, drivers used by Windows systems are the ones that malicious actors take advantage of to attack ATMs and PoS systems.
In recent years, many new pieces of malware have emerged, including Skimer, Alice, CUTLET MAKER, Ploutus, Tyupkin, ATMJackpot, Suceful, RIPPER, WinPot, PRILEX, ATMii and GreenDispenser. Many of these allow their operators to carry out so-called "jackpotting" attacks, where the attacker instructs the targeted ATM to dispense cash.
Driver vulnerabilities could allow intruders to escalate privileges and gain "deeper access" to the target system.
As an example, the security company presented a vulnerability it discovered in a driver on a Diebold Nixdorf ATM. This driver provides access to x86 I/O ports. A driver that provides arbitrary access to I/O ports can be useful in the initial phases of an attack, as it could allow the intruder to gain access to PCI-connected devices, including external devices and the SPI controller, which provides access to the system firmware.
The vulnerability was reported to the vendor, which released updates earlier this year to correct it. On the other hand, these types of security vulnerabilities can remain dangerous for a long time, as it usually takes device manufacturers a long time to release fixes due to compliance requirements.
In this case, for example, Eclypsium says that although its research was completed in May 2019, it could not disclose its findings until now. In addition, it may take a long time for updates to reach all end devices, which often still run older operating systems such as Windows XP and Windows 7.