A vulnerability has been found in Checker ATM, software developed by Spanish company GMV and used by more than 20 banks across 80,000 cash machines, according to GMV’s website and security company Positive Technologies.
Criminals have been attacking the vulnerable ATMs, demonstrating remarkable knowledge of the machine software. Once inside an ATM, they are able to interface with APIs that control features such as dispensing cash and issuing commands for a fraudulent outcome.
Checker ATM is designed to secure ATMs running Linux or Windows by blocking interactions between external devices and restricting which applications are allowed to run on the machines. It competes with products from Symantec, McAfee, Bit9 and Trend Micro.
Despite the banking industry’s efforts to secure the machines, a security company has found a memory-related flaw, a buffer overflow (CVE-2017-6968), in versions 4.x and 5.x.
“The defect allows an attacker to remotely run code on a targeted ATM to increase his privileges in the system, infect it and steal money,” says Positive Technologies in a blog post.
The patch is easy to remotely install using software deployment tools.
“We sent a security warning to our customers as soon as we generated a patch. In that note, we strongly recommended to apply this patch as soon as possible,” says GMV.
Written from press release by Leah Alger