Vulnerable drivers can enable crippling attacks against ATMs and POS systems

ATMs and point-of-sale (POS) systems have been a target for many cybercriminal groups over the past several years, resulting in some of the largest card breaches and money heists in history. While attackers have various ways to break into these machines, researchers now warn that vulnerabilities in the drivers they contain could enable more persistent and damaging attacks.

Researchers from Eclypsium, a company that specializes in device security, have evaluated the security of device drivers, the programs that allow applications to talk to a system’s hardware components and leverage their capabilities. Over the past year, their research project, dubbed Screwed Drivers, has identified vulnerabilities and design flaws in 40 Windows drivers from at least 20 different hardware vendors, highlighting widespread issues with this attack surface.

Most people think of Windows in the context of servers, workstations and laptops, but these are not the only types of devices that run Microsoft’s operating system. Windows is also widespread in the world of ATMs, POS terminals, self-service kiosks, medical systems and other types of specialized equipment. These devices are generally harder to update because they’re used in regulated industries and environments, so updates need to pass strict testing and certification. Taking them offline for extended periods of time can lead to business disruption and financial loss.

Attacks against ATMs can take many forms, the Eclypsium researchers said in a new report:

“Attackers can deliver malware by compromising the banking network connected to the device, by compromising the device’s connection to card processors, or by gaining access to the ATM’s internal computer. And much like traditional attacks, attackers or malware often need to escalate privileges on the victim device to gain deeper access into the system. This is where the use of malicious or vulnerable drivers comes into play. By taking advantage of the functionality in insecure drivers, attacks or their malware can gain new privileges, access information, and ultimately steal money or customer data.”

Vulnerability in Diebold Nixdorf ATM driver

As part of their research project, the Eclypsium researchers found a vulnerability in a driver used in an ATM model from Diebold Nixdorf, one of the largest manufacturers of devices for the banking and retail sectors. The driver enables applications to access the various x86 I/O ports of such a system.

ATMs are essentially computers with specialized peripherals like the card reader, PIN pad, network interfaces or the cash cassettes that are connected through various communication ports. By gaining access to the I/O ports through the vulnerable driver, an attacker can potentially read data exchanged between the ATM’s central computer and the PCI-connected devices.

Moreover, this driver can be used to update the BIOS, the low-level firmware of a computer that starts before the operating system and initializes the hardware components. By exploiting this functionality, an attacker could deploy a BIOS rootkit that would survive OS reinstallations, leading to a highly persistent attack.

To the researchers’ knowledge, the vulnerability hasn’t been exploited in any real-world attack, but based on their discussions with Diebold, they believe the same driver is used in other ATM models as well as POS systems. Diebold worked with the researchers and released patches earlier this year.

Copyright © 2020 IDG Communications, Inc.
