My ATM Cash machine revealed all

I was in Slovakia this week and had an interesting experience.
Went to an ATM cash machine.

Requested cash and a receipt. The card and cash popped out ok but before any receipt emerged the machine hung, then the screen showed the machine rebooting.

It went through the whole POST test in front of my eyes. This cash machine appeared to be running an intel P4 with IBM's OS/2 operating system.

Then it provided screen output as it ran through what I guess was a system check displaying the path of a whole lot of files

c:\nexis\* (I think it said nexis).

What I found interesting is that it didn't reboot with no screen output? I had previously thought ATM cash machines would be fairly secure but after reading sahirh's comment that he is employed to do penetration testing on ATM cash machines I don't feel so good about the integrity of my cash

Could a malicious hacker use the screen output I described for attempting a penetration?

I've only recently started research into the security of embedded systems so its far from my forte, hopefully someone more in the know will add to this.

Your basic ATM cash machine is very often just a Windows box.. most people don't know this because the interface is designed to hide the windows elements (think of the ATM interface as a full screen program, but if you could somehow press alt+tab, you'd get a desktop !!).. This is why its imperative that ATM machine networks be kept separate from production networks. I believe earlier that ATM's ran on X.25 networks, however I recently spoke to the IT head at a newly opened bank and he told me quite firmly that it now all runs on IP (I guess that would make sense).

In other words, if an attacker was able to gain access to the ATM network, he could attack the systems therein.. after that I have no clue how strong the security of the actual ATM application would be, but I am quite sure it would be pathetically weak given that its not designed to be tampered with in that way.

This has got my interest up.. if anyone finds any more information, chuck it in here.


BTW in 'Stealing the network - how to own a continent', one of the characters actually does some ATM hacking... given that it turned up in that book, I would say there is more than an element of truth.


Cheers,

A couple of us have been joking about finding that Alt+Tab key.

Would engineers ever access the ATM from the user end for troubleshooting or maintenance? What happens if the ATM is not accessible for a long time cause the building it backs into is locked (eg a bank).

Maybe there is a key sequence or perhaps they have a card with a cable that attaches to a laptop. They insert the card and then have access to a console interface (similiar to CLI on a Cisco router)?

All pure speculation but interesting none the less.

Haha or maybe they use VNC

Every ATM machine has a computer inside. As all computers they might crash sometimes but it doesnt make them unsecure. All the inputs and outputs on the ATM are encrypted via 3DES.

Thanks


Hakan Törehan

once, i was in a branch of HSBC (my local branch) in London, and i saw an ATM machine being loaded up with cash. i went over to the guy who was doing it all, and out of curiosity asked him how does one access the ATM machines?? After a brief span of a glaring look at me, he relented. what i learnt was that every ATM is guarded by a two pronged security net. the way of gaining access to a machine is as follows:

1. the guy in charge goes up to the front panel of the atm, and inserts a card normally into the slot. now this is a special card, and the machine reads the chip off the card (i am talking chip and pin here). once the card is read by the machine, the machine asks for a specific security code which is unique to that atm machine only. even that card is unique to that machine. the guy punches the code in. the machine does the number crunching and locks up the front panel keyboard instantly, and rolls out a piece of paper. that paper holds the last balance info on that machine. then it enables a small keypad at the back of the machine (only accessible from the back of the machine, which is usually in the bank premises).

2. the guy now punches another set of codes into this small keypad at the back, and releases a door at the back of the ATM.

but hey this is not all!!

3. this guy, has a special laptop or i should say a custom made laptop, which he connects to a RS - 422 connector at the back of the ATM machine, and unlocks the doors to the seperate cabinets which holds the cash in different denominations.

now the bank manager who was overseeing all this lengthy process stashes the machine up, and this guy with the laptop locks the ATM up in the same sequence, but this time backwards.

the locking sequence is:

1. he locks the cash cabinets with his laptops.

2. then he pushes the door shut, and punches the code in the lock it.

3 he now goes back to the front panel, and pushes his card in again, which enables the front panel keyboard. he punches the special code, which reels out another set of paper saying how much balance there is, and confirmation that the machine is working fine now.

with that in hand, he tells the bank manager to let the customers use the machine again!!!

i would suppose behind all this three fold security, the basic OS structure of the ATM would be pretty flimsy. but the elaborate sequence of security cards, codes, and laptops, sure looked pretty secure to me!!!

with the end nodes of an ATM network (i.e. ATM machines) being so secure, i wouldn't worry about the security of my money, provided all the info to and from an ATM machine is not using the commercial network!!!