A researcher has identified a flaw in Kaspersky Lab security software used in cash registers and other systems. Hackers can exploit the bug to bypass ATM system defenses.
Although Kaspersky responded to the discovery immediately, developing and releasing a patch, one wonders how long it will take to install the update on ATM equipment located all over the world.
Georgy Zaytsev, a researcher at Positive Technologies, revealed a vulnerability in the Kaspersky Embedded Systems Security 1.1 and 1.2 Boot Controls during a security audit of cash machines that use the technology.
Exploiting the error overloads the Kaspersky software to the point where it cannot process file verification requests. This means that any malicious software could bypass the whitelist controls that are in place to prevent infections.
"The vulnerabilities that have been reported to us do not directly allow cash to be withdrawn from the ATM. Several conditions would have to coincide for such an attack to work: for example, before exploiting these vulnerabilities, an attacker would first have to infect the system with malware (bypassing all the protection components) and run it inside the system," said a Kaspersky Lab spokesperson.
To crash the antivirus, an attacker would have to append a large amount of arbitrary data to an executable file. When this program starts, the system calculates its hash and checks a list of approved digital signatures to decide whether to allow or block the application from running. With such a large file, the process takes longer than the time allotted for normal file verification.
When this period expires, the program starts anyway. It is a one-time attack because the hashing process does not stop and the system stores hidden signatures. Therefore, the next time the executable is launched, the Kaspersky software will immediately recognize that the file is malicious and stop it.
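The time-limit behaviour described above, as a simulation added here (not Kaspersky's code and not part of the original article), contrasting "allow on timeout" with "block on timeout". The chunk budget stands in for the verification time limit; the class, file names and sample bytes are all constructed assumptions.

```python
import hashlib
import io

CHUNK = 64 * 1024
BUDGET_CHUNKS = 16  # constructed stand-in for the verification time limit


class LaunchControl:
    """Toy allowlist check; fail_open=True mimics the behaviour described above."""

    def __init__(self, allowlist, fail_open):
        self.allowlist = set(allowlist)
        self.fail_open = fail_open
        self.cache = {}  # digest kept once hashing completes (keyed by name for brevity)

    def _verdict(self, digest):
        return "allow" if digest in self.allowlist else "block"

    def decide(self, name, data):
        if name in self.cache:  # later launches: digest is already known
            return self._verdict(self.cache[name])
        stream, h, chunks, timed_out = io.BytesIO(data), hashlib.sha256(), 0, False
        while block := stream.read(CHUNK):
            h.update(block)
            chunks += 1
            if chunks > BUDGET_CHUNKS:
                timed_out = True  # limit passed, but hashing carries on to the end
        self.cache[name] = h.hexdigest()
        if timed_out:
            # The decision taken at the deadline is the whole difference:
            # fail-open lets the unverified file run, fail-closed does not.
            return "allow" if self.fail_open else "block"
        return self._verdict(self.cache[name])


def demo(fail_open):
    approved = b"MZ" + b"\x00" * 1000   # constructed sample, on the allowlist
    unknown = b"MZ" + b"\x01" * 1000    # constructed sample, not on the allowlist
    padded = unknown + b"\x00" * (CHUNK * (BUDGET_CHUNKS + 1))  # exceeds the budget
    lc = LaunchControl({hashlib.sha256(approved).hexdigest()}, fail_open)
    return [lc.decide("approved.exe", approved),
            lc.decide("unknown.exe", unknown),
            lc.decide("padded.exe", padded),   # first launch
            lc.decide("padded.exe", padded)]   # second launch, digest cached


if __name__ == "__main__":
    print("fail-open  :", demo(True))
    print("fail-closed:", demo(False))
```

With fail-open, only the first launch of the oversized file gets through, matching the one-time nature of the issue; with fail-closed it never runs.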
If you run Kaspersky software on the ATMs you operate, look out for the critical fix KB13520. The update was released quietly at the end of June, so all ATM owners should update their security software immediately.