NEW – Vulnerabilities in ATMs allowed illegal cash withdrawals
NEW – Vulnerabilities in ATMs allowed illegal cash withdrawals-
To exploit the vulnerabilities, an attacker needs physical access to the internal components of the ATM.
ATM manufacturers Diebold Nixdorf and NCR have eliminated a number of vulnerabilities in their products. Which provided the ability to execute arbitrary code with or without SYSTEM-level rights. As well as carry out illegal cash withdrawals using special commands.
As explained Specialists from the CERT team at Carnegie Mellon University, the first vulnerability (CVE-2020-9062). Affected Diebold Nixdorf ProCash 2100xe ATMs running on Wincor Probase version 1.1.30. The problem was the lack of a mechanism for encryption, authentication. And message integrity between the CCDM cassette module and the host. As a result, an attacker with physical access to an ATM could intercept and modify messages, for example. About the amount and denomination of funds, and send them to the computer.
A similar vulnerability (CVE-2020-10124) has been discVulnerabilities in ATMs allowed illegal cash. Withdrawalsoveredat NCR SelfServ ATMs using APTRA XFS software 04.02.01 and 05.01.00. As in the case described above, the software does not encrypt, authenticate or check the integrity of messages between. The bill acceptor (BNA) and the computer.
Two other vulnerabilities (CVE-2020-10125 and CVE-2020-10126) relate to incorrect implementation of certificates. For checking BNA updates and incorrect checking of BNA updates. Which allowed code to be executed on a host with or without system privileges.
To exploit the vulnerabilities, an attacker needs physical access to the internal components of the ATM.
At the end of July, Diebold Nixdorf announced a new type of black box attacks on ATMs, in which attackers. Used a copy of the ATM’s firmware to interact with the device.
That’s all on NEW – Vulnerabilities in ATMs allowed illegal cash withdrawals
WE ARE HERE FOR SERIOUS BUSINESS, WE DO NOT TOLERATE TIME WASTERS AND BEGGARS TRYING TO BEG OR SCAM US OF OUR PRODUCTS. Payment is Upfront, Our services are not free CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY : WHATSAPP: sudohackers.com CLICK HERE EMAIL: [email protected] EMAIL US NOW ICQ: sudohackers.com CLICK HERE TELEGRAM: sudohackers.com CLICK HERE
Contact us for support. We sell fresh ATM Hacking, Paypal/Cashapp accounts & Transfers, Dumps with Pin, Western Union Transfers, ATM Skimmers, Bank logins, and lots more.
