Golden rule of ATMs
The keyboard and buttons on the front of an ATM must only be usable during normal operation for specified known functions.
A chance finding by a German security researcher has revealed ATMs run by German Bank Sparkasse leaked potentially sensitive information during a software update. Benjamin Kunz-Mejri, chief exec and founder of Germany-based security firm Vulnerability Lab, came across the problem when he unsuccessfully attempted to use his …
The user terminal(s) and the system console should be separate pieces of hardware. Maintenance should only be possible in single user mode from the system console. The system console should be located in a physically secure location.
Unix boxes had all this figured out at least 100 years ago.
That is too technical for thieves over here, in Germany. They just fill the ATMs up with gas and let them blow up, then they run off with the money...
Somewhere around 70 attacks this year, I think (report on German TV on Wednesday).
They are now starting to upgrade the machines with dye packets, to colour the money in the event of an explosion...
there is actually also a rear screen to ATMs (a small lcd affair, usually for hardware peripheral checks though) and a separate full qwerty keyboard.
and since it's an actual PC, a monitor port
there shouldn't be anything not related to performing basic actions on an account that should show on the front screen
but i worked in a bank and performed a lot of daily ATM duties, and i've seen how this wasn't exactly a consideration
No, actually it's the US Dollar that has crashed, leaving it with such little value that it's cheaper than the cleaning tissues they would normally use.....
Paris, because it looks like she's overdrawn either way..... (gets me coat and instant teller card).....
I had to laugh at the "Bank Sparkasse" term. That shows that the writer of the piece at SecurityWeek has never lived in Germany.
Sparkasse is a generic term and means "Savings and Loans". German S&Ls are generally locally-owned organizations loosely organized under an umbrella group.
So, each city has one or more different Sparkasse organizations. There is no one "Bank Sparkasse."
Who/why would somebody design an ATM like that? Even my godforsakenly secure CF-53 Toughbook won't say 'Boo!' without a BIOS/hard drive password*. Mebbe Panasonic should make voting machines & ATMs...
*Sad torrid story concerning my 5-year-warrantied baby, a $100 4GB RAM upgrade at a 'Panasonic Authorized Service' computer store, a suddenly missing owner, suddenly missing money, a deputy sheriff handing me my partially disassembled Toughbook, a bag of parts, a 2 month possession of half the dining room table, eventual successful assembly, encountering lockout, overnighted box from Panasonic NSC, and week later evening phone call requesting $800+ to finish RAM install. Final chapters not written yet, have a phone call to make, maybe several. /sigh