Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


ATM Equals 'All The Money'

May 03, 2017 by Marc Handelman in All is Information, Attack Analysis, Attack Vectors, Bank Security, Crime, Criminal Enterprise, Hardware Security, Information Security, Financial Security

John Leyden, writing at El Reg, tells the tale of the latest ATM SNAFU. All based on CVE-2017-6968... Astonishing, indeed.

"To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection," said Georgy Zaytsev, a researcher with Positive Technologies. "During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution." - via John Leyden, at El Reg
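The client-side length limit that the quote says was missing, sketched as an added example (not code from the post, from Positive Technologies, or from the affected product). The wire format, a 2-byte big-endian length followed by the parameter bytes, along with the 256-byte buffer and all names, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PARAM_LEN 256 /* assumed size of the client's fixed buffer */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2, PARSE_TRAILING = -3 };

/* Hypothetical wire format: 2-byte big-endian length, then that many bytes. */
struct key_param { uint8_t data[MAX_PARAM_LEN]; size_t len; };

/* Copy one parameter out of an untrusted response. The unsafe pattern is a
   memcpy() that trusts the declared length; both checks below must pass first. */
static int parse_key_param(const uint8_t *msg, size_t msg_len,
                           struct key_param *out, size_t *consumed)
{
    if (msg_len < 2) return PARSE_TRUNCATED;
    size_t declared = ((size_t)msg[0] << 8) | msg[1];
    if (declared > sizeof out->data) return PARSE_TOO_LONG;  /* fits destination? */
    if (declared > msg_len - 2) return PARSE_TRUNCATED;      /* present in source? */
    memcpy(out->data, msg + 2, declared);
    out->len = declared;
    *consumed = 2 + declared;
    return PARSE_OK;
}

/* A response carrying exactly two parameters (assumed layout). */
int parse_key_response(const uint8_t *msg, size_t msg_len,
                       struct key_param *a, struct key_param *b)
{
    size_t used = 0, n = 0;
    int rc = parse_key_param(msg, msg_len, a, &n);
    if (rc != PARSE_OK) return rc;
    used = n;
    rc = parse_key_param(msg + used, msg_len - used, b, &n);
    if (rc != PARSE_OK) return rc;
    return (used + n == msg_len) ? PARSE_OK : PARSE_TRAILING;
}

int main(void)
{
    /* Constructed samples: a well-formed response, and one declaring 257 bytes. */
    const uint8_t good[] = {0x00, 0x03, 'a', 'b', 'c', 0x00, 0x01, 'z'};
    const uint8_t oversized[] = {0x01, 0x01, 0x41};
    struct key_param a, b;
    printf("good: %d\n", parse_key_response(good, sizeof good, &a, &b));
    printf("oversized: %d\n", parse_key_response(oversized, sizeof oversized, &a, &b));
    return 0;
}
```

A response that fails any check is rejected as a whole, so the handshake should be aborted rather than continued with a partially filled parameter.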
