ATMs Are Insecure

ATMs Are InsecureNext time you’re getting cash from the ATM, think hard. How secure is it? According to security company Network Box, not very.   Vnunet cites the company as saying that ATMS are vulnerable to I P worms, disruption of the IP network and denial of service, and the harvesting of transaction data formalicious purposes.   These days the majority of ATMS are based on PC and Intel hardware, with a TCP/IP connection for the payment processor. The PIN is encrypted, but the messages sent to andfrom the machine are not, meaning most of the information can easily be read.   Mark Webb-Johnson, chief technology officer at Network Box, said,   “Most people simply assume thatbecause an ATM is invariably provided by a bank, the transactions and the data being transmitted must be secure. We have already seen how the Nachi worm crossed over into ‘secure’ networks andinfected ATMs for two financial institutions, and SQL Slammer indirectly shutdown 13,000 Bank of America ATMs. If banks do not use technology that canprovide an effective level of protection it is very likely that more high-profile attacks will follow."   The company is recommending that all data be encrypted, and that ATM networks beseparated from the rest of the bank’s networks.  

Editors' Recommendations