Digital Trends

Next time you’re getting cash from the ATM, think hard. How secure is it? According to security company Network Box, not very.

 

Vnunet cites the company as saying that ATMS are vulnerable to I P worms, disruption of the IP network and denial of service, and the harvesting of transaction data for malicious purposes.

 

These days the majority of ATMS are based on PC and Intel hardware, with a TCP/IP connection for the payment processor. The PIN is encrypted, but the messages sent to and from the machine are not, meaning most of the information can easily be read.

 

Mark Webb-Johnson, chief technology officer at Network Box, said,

 

“Most people simply assume that because an ATM is invariably provided by a bank, the transactions and the data being transmitted must be secure. We have already seen how the Nachi worm crossed over into 'secure' networks and infected ATMs for two financial institutions, and SQL Slammer indirectly shutdown 13,000 Bank of America ATMs. If banks do not use technology that can provide an effective level of protection it is very likely that more high-profile attacks will follow."

 

The company is recommending that all data be encrypted, and that ATM networks be separated from the rest of the bank’s networks.