A researcher has found a flaw in Kaspersky Lab security software used in ATMs and other embedded systems. Attackers can exploit it to bypass the application whitelisting that is supposed to protect the ATM.
Although Kaspersky responded immediately, developing and releasing a patch, it is an open question how long it will take to install that update on ATM hardware deployed all over the world.
Georgy Zaytsev, a researcher at Positive Technologies, discovered the vulnerability in the application launch (whitelisting) control of Kaspersky Embedded Systems Security 1.1 and 1.2 during a security audit of ATMs running the product.
Exploiting the flaw overloads the Kaspersky software to the point where it cannot complete file verification requests in time. Any malicious executable can then bypass the whitelist controls that are meant to prevent infection.
"The vulnerabilities that have been reported to us do not allow the immediate withdrawal of cash from the ATM. Several conditions will have to come together for such an attack to work: for example, before exploiting these vulnerabilities, an attacker would first have to infect the system with malware (bypassing all protection elements) and run it on the system," said a Kaspersky Lab spokesman.
To overwhelm the antivirus, an attacker appends a large amount of arbitrary data to an executable file. When the program is launched, the system computes the file's hash and checks it against the list of approved hashes and digital signatures to decide whether to allow or block execution. With such a large file, the computation takes longer than the time allotted for verifying a regular file.
When that time expires, the program is allowed to start anyway. The attack works only once, because the hash computation is not aborted: it completes in the background and the resulting verdict is cached. The next time the executable is launched, Kaspersky's software sees immediately that the file is not on the whitelist and blocks it.
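The two paragraphs above describe a fail-open timeout in a whitelist check. The simulation below is an added example written for this article, not Kaspersky's code or anything from Positive Technologies' report: it models a hash-based launch control with a time budget, shows the padded file slipping through on its first launch and being blocked on the second once the background hash has been cached, and contrasts that with a fail-closed variant that blocks when the check has not finished. The sample "executables", the artificial per-chunk hashing delay, the 0.1 s budget and the 400 KB of padding are all constructed for the demonstration.

```python
import hashlib
import time
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as FutureTimeout

# Constructed sample "executables" (not real binaries): one trusted application
# and one unapproved payload. Only the trusted one is on the allowlist.
TRUSTED_EXE = b"MZ" + b"trusted application code " * 100
MALICIOUS_EXE = b"MZ" + b"unapproved payload code " * 100
CHUNK = 4096


def sha256_slow(data: bytes, delay_per_chunk: float = 0.005) -> str:
    """SHA-256 of data with an artificial per-chunk delay, so that a file padded
    with junk measurably takes longer to hash than a normal-sized one. The delay
    stands in for real disk and CPU cost; the digest is ordinary SHA-256."""
    h = hashlib.sha256()
    for off in range(0, len(data), CHUNK):
        h.update(data[off:off + CHUNK])
        time.sleep(delay_per_chunk)
    return h.hexdigest()


class LaunchControl:
    """Hash-based allowlist check with a time budget per launch.

    fail_open=True  reproduces the behaviour described in the article: if hashing
                    exceeds the budget, the launch is allowed anyway.
    fail_open=False is the hardened variant: an unfinished check blocks the launch.
    In both variants hashing keeps running in the background and the final verdict
    is cached, which is why the bypass works only on the first launch.
    """

    def __init__(self, allowed_hashes, timeout: float, fail_open: bool):
        self.allowed = set(allowed_hashes)
        self.timeout = timeout
        self.fail_open = fail_open
        self.verdicts = {}   # file name -> "allow"/"block", filled once hashing completes
        self.pending = []    # (file name, future) for checks that overran the budget
        self.pool = ThreadPoolExecutor(max_workers=2)

    def _verdict(self, digest: str) -> str:
        return "allow" if digest in self.allowed else "block"

    def check(self, name: str, data: bytes) -> str:
        if name in self.verdicts:            # cached result from an earlier launch
            return self.verdicts[name]
        fut = self.pool.submit(sha256_slow, data)
        try:
            digest = fut.result(timeout=self.timeout)
        except FutureTimeout:
            # Budget exhausted. The hashing thread is NOT cancelled; its result is
            # recorded later by finish_pending(). The launch decision is made now,
            # and this is the only place where fail-open and fail-closed differ.
            self.pending.append((name, fut))
            return "allow" if self.fail_open else "block"
        self.verdicts[name] = self._verdict(digest)
        return self.verdicts[name]

    def finish_pending(self) -> None:
        """Let background hashing complete and cache the verdicts (in a real
        product this happens asynchronously as soon as each hash is ready)."""
        for name, fut in self.pending:
            self.verdicts[name] = self._verdict(fut.result())
        self.pending.clear()

    def close(self) -> None:
        self.pool.shutdown(wait=True)


def run_scenario(fail_open: bool) -> dict:
    """Launch sequence from the article: padded payload twice, then a normal-size
    payload and the trusted application. Timeout and padding are constructed so
    that the padded file always overruns the budget and the others never do."""
    lc = LaunchControl([hashlib.sha256(TRUSTED_EXE).hexdigest()],
                       timeout=0.1, fail_open=fail_open)
    padded = MALICIOUS_EXE + b"\x00" * (CHUNK * 100)   # ~0.5 s to hash vs 0.1 s budget
    result = {"padded_first_launch": lc.check("payload.exe", padded)}
    lc.finish_pending()                                   # background hash completes
    result["padded_second_launch"] = lc.check("payload.exe", padded)
    result["unpadded_payload"] = lc.check("payload_small.exe", MALICIOUS_EXE)
    result["trusted_app"] = lc.check("trusted.exe", TRUSTED_EXE)
    lc.close()
    return result


if __name__ == "__main__":
    for mode in (True, False):
        print("fail_open=%s -> %s" % (mode, run_scenario(mode)))
```

In fail-open mode the padded payload is allowed on its first launch and blocked on every later one, exactly the one-shot window described above; the unpadded copy of the same payload is blocked immediately because it hashes within the budget. The fail-closed variant changes a single line, the value returned on timeout, and closes the window at the cost of delaying or refusing very large legitimate binaries, which is the trade-off a launch-control product has to make explicitly rather than by default.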
If you run Kaspersky Embedded Systems Security on your ATMs, apply the critical fix KB13520. The update was released quietly at the end of June, so all ATM operators should update their security software immediately.