Researcher found bugs in security software of Kaspersky Lab used in cash registers and other systems. Hackers can exploit bugs to bypass ATM system defenses.
Although Kaspersky immediately responded to the discovery, developed and released a patch, one wonders how long it will need to install updates on the equipment ATM which is located all over the world.
Georgy Zaytsev, her researcher Positive Technologies, revealed a vulnerability in the Kaspersky Embedded Systems Security 1.1 and 1.2 Boot Controls during a cashier security audit using the technology.
Exploiting the bug causes it to be overloaded software of Kaspersky to the point that it cannot process verification requests files. This means that any malware could bypass the whitelist checks that are in place to prevent infections.
"The vulnerabilities that have been reported to us do not directly allow the withdrawal of cash from the ATM. Several conditions would need to be met for such an attack to work: for example, before exploiting these vulnerabilities, an attacker would first have to infect the system with malware (bypassing all protections) and run it inside the system,” said a Kaspersky Lab representative.
To crash the antivirus, an attacker would have to add a large number of arbitrary data with an executable file. When this program starts, the system calculates its hash and checks a list of approved digital signatures to decide whether to allow or block the application from running. With such a large file, the process takes longer than the time set for normal file verification.
When this period expires, the program starts anyway. It is a one-off attack because the hash process does not stop and the system stores hidden signatures. Therefore, the next time the executable file starts, Kaspersky's software will be able to immediately see that the file is malicious and stop it.
If you use Kaspersky ATMs on your service, beware of the critical fix KB13520. The upgrade was released quietly at the end of June. So all ATM owners should immediately update their security software.
