Monday, July 7, 2008

Vulnerabilities in ATM Network

Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record . More

It is just the tip of the iceberg.

List of vulnerabilities:

1. The bank associates with other banks to enable their customers to withdraw cash from ATM centers of the bank or its associates. But the bank has no control over network of its associates. Another problem, all of them are not using the same technologies and security measures.

2. Most of the times, dedicated servers are not being used by the Bank. Why?? Must be commercial constrains.

3. PINs are not always encrypted while it is transmitted from ATM center to the bank servers. It travels through many servers & networks before it reaches the Bank server and all of them are not secured enough to protect your PINs.

4. ATM’s software are remotely diagnosed and repaired over Internet, which may provide opportunities for hackers to secure access onto the bank server.

1 comment:

simon said...

It seems like ATM hacking is still the way to go for those into a bit of hardware hacking.

atmsecurity.com