On October 30, September 21, a website with a vulnerability in China reported that "a bank ATM has a security vulnerability" and can be attacked by hackers. Hackers can intrude into the ATM to steal the bank card account password and perform other operations. Rising security experts warned that, technically speaking, ATM vulnerabilities exist, especially those "Advanced cash machines" with full keyboard input or virtual keyboard input, which are more prone to hacker intrusion.
As shown in the following figure. The local directory browsing permission has been obtained.
According to rising security experts, many ATMs currently use Windows systems with many vulnerabilities, including Windows 2000, NT, and XP. Users can obtain system administrator privileges through browser vulnerabilities, this allows you to perform any operation on the machine.
The vulnerability demonstration on the internet is performed on an ATM machine running the Linux system. The visible hacker obtains the folder browsing permission of the local ATM, and only needs to perform some simple permission escalation operations, you can obtain the highest system administrator permissions, implant trojans on the machine, record the user's bank card number and password using the ATM, or even directly transfer money.
"Technically speaking, the difficulty of intruding into an ATM is no different from that of intruding into a common PC. If banks and ATM manufacturers do not provide the necessary security protection on the system, ATM is the hacker's ATM, the final victims are ordinary bank card users." Rising security experts said that because many ATM machines use a Windows system that is generally secure, it is not difficult to intrude into the system. It is just about inputting vulnerabilities into the ATM. The ATM with full or handwritten input can complete this task.
Rising security experts said the online ATM security vulnerability was the first time in China to find similar ATM attacks. This means that important facilities such as ATM related to people's property security have also become the targets of hackers.
How can users cope with the security risks of ATM attacks? Rising security experts pointed out that although the interface is extremely similar, in terms of ATM security protection and settings, state-owned large banks and world-famous ATM manufacturers usually have better security maintenance for ATMs, has a good monitoring process for the system kernel security. When a user withdraws money from an ATM, he/she should select a bank ATM with good reputation and security.