NEW – Vulnerabilities in ATMs allowed illegal cash withdrawals

NEW – Vulnerabilities in ATMs allowed illegal cash withdrawals

NEW – Vulnerabilities in ATMs allowed illegal cash withdrawals-

To exploit the vulnerabilities, an attacker needs physical access to the internal components of the ATM.

ATM manufacturers Diebold Nixdorf and NCR have eliminated a number of vulnerabilities in their products. Which provided the ability to execute arbitrary code with or without SYSTEM-level rights. As well as carry out illegal cash withdrawals using special commands.

As explained Specialists from the CERT team at Carnegie Mellon University, the first vulnerability (CVE-2020-9062). Affected Diebold Nixdorf ProCash 2100xe ATMs running on Wincor Probase version 1.1.30. The problem was the lack of a mechanism for encryption, authentication. And message integrity between the CCDM cassette module and the host. As a result, an attacker with physical access to an ATM could intercept and modify messages, for example. About the amount and denomination of funds, and send them to the computer.

A similar vulnerability (CVE-2020-10124) has been discVulnerabilities in ATMs allowed illegal cash. Withdrawalsoveredat NCR SelfServ ATMs using APTRA XFS software 04.02.01 and 05.01.00. As in the case described above, the software does not encrypt, authenticate or check the integrity of messages between. The bill acceptor (BNA) and the computer.
Two other vulnerabilities (CVE-2020-10125 and CVE-2020-10126) relate to incorrect implementation of certificates. For checking BNA updates and incorrect checking of BNA updates. Which allowed code to be executed on a host with or without system privileges.

To exploit the vulnerabilities, an attacker needs physical access to the internal components of the ATM.

At the end of July, Diebold Nixdorf announced a new type of black box attacks on ATMs, in which attackers. Used a copy of the ATM’s firmware to interact with the device.

That’s all on NEW – Vulnerabilities in ATMs allowed illegal cash withdrawals

WE ARE HERE FOR SERIOUS BUSINESS, WE DO NOT TOLERATE TIME WASTERS
AND BEGGARS TRYING TO BEG OR SCAM US OF OUR PRODUCTS. 
Payment is Upfront, Our services are not free

 

CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY :

WHATSAPP: sudohackers.com  CLICK HERE

EMAIL: [email protected] EMAIL US NOW

ICQ:  sudohackers.com  CLICK HERE

TELEGRAM: sudohackers.com  CLICK HERE 


Contact us for support. We sell fresh ATM Hacking, Paypal/Cashapp accounts & Transfers, Dumps with Pin, Western Union Transfers, ATM Skimmers, Bank logins, and lots more.


We have other service like bank transfers to any bank account. W
e have helped change the life of people from different continents south America and across Europe. We can Card anytime for you and ship for half the price, Carding Iphone 11 pro, Botnet setup service, Carding Classes where you will learn everything that will help you make money

Leave a Reply