Οι ειδικοί της Kaspersky Lab διερεύνησαν το πώς οι ψηφιακοί εγκληματίες μπορούν να εκμεταλλευτούν τις νέες τεχνολογίες ταυτοποίησης των ATM που σχεδιάζουν οι τράπεζες. Ενώ πολλοί οικονομικοί οργανισμοί θεωρούν τις solutions με βάση τα βιομετρικά στοιχεία ως τις πιο πολλά υποσχόμενες προσθήκες στις υπάρχουσες μεθόδους ταυτοποίησης, ή ακόμα και μία επιλογή για την αντικατάσταση των τελευταίων, οι ψηφιακοί εγκληματίες βλέπουν τη χρήση βιομετρικών στοιχείων ως μία νέα ευκαιρία για την κλοπή ευαίσθητων πληροφοριών.
ATMs have been the target of fraudsters hunting for credit card data for years. It all began with the primitives"skimmers” – ιδιοκατασκευές που τοποθετούνταν σε ένα ATM, οι οποίες είχαν τη δυνατότητα να υποκλέπτουν πληροφορίες από τη μαγνητική ταινία της κάρτας, καθώς και τον αντίστοιχο κωδικό ΡΙΝ με τη βοήθεια ενός ψεύτικου πληκτρολογίου ATM ή μίας webcam.
Over time, the design of these devices improved to make them less visible. With her introduction technologys “chip-and-pin” in payment cards, which made their “cloning” very difficult but not impossible, the related devices evolved from “skimmers” to “shimmers”: largely the same, but with the ability to collect information from the card's microchip, providing sufficient information to carry out a cyber attack. The banking sector is responding with new identification solutions, some of which are based on biometrics.
According research Kaspersky Lab's "underground" digital crime, there are already at least a dozen vendors that provide skimmers capable of stealing victims' fingerprints, as well as at least three vendors that are already developing devices that could illegally harvest data from palm or iris recognition systems;
The first "wave" of biometric skimmers was studied during "testing" in September of 2015. Data collected by Kaspersky Lab researchers reveal that during the initial testing, developers discovered several bugs. However, the main problem was the use of GSM data for the transfer of biometric data - it was too late to transport the large volume of data being collected. As a result, new versions of skimmers will use other, faster data transfer technologies.
There are also indications of ongoing discussions between "underground" communities about the development of mobile apps based on masking over the human face. With such an application, attackers can take a photo of a person who has been published on social media and use it to trick the face recognition system.
"The problem with using biometrics is that, unlike passwords or PINs that can be easily modified in the event of a breach, it is impossible to change your fingerprints or the image of your iris. So, even if your data is compromised once, it will not be safe to use this authentication method again. For this reason, it is extremely important that you keep your data safe and secure. Biometric data is also recorded in modern passports - called e-passports - in visas, etc. Thus, if an attacker steals an e-passport, he holds not only the document, but also the biometric data of the individual. "In fact, his own identity has been stolen!" Said Olga Kochetova, a security expert at Kaspersky Lab.
Η χρήση εργαλείων που είναι ικανά να θέσουν σε κίνδυνο βιομετρικά δεδομένα δεν είναι η μόνη δυνητική ψηφιακή απειλή που αντιμετωπίζουν τα ATM, σύμφωνα με τους ερευνητές της Kaspersky Lab. Οι hackerς θα συνεχίσουν να διεξάγουν επιθέσεις που βασίζονται σε κακόβουλα λογισμικά, επιθέσεις blackbox και επιθέσεις δικτύου για να αξιοποιήσουν τα δεδομένα που μπορούν να χρησιμοποιηθούν αργότερα για να κλέψουν χρήματα από τις τράπεζες και τους πελάτες τους.
For full exposure to the upcoming digital threats to ATMs and the measures that can protect banks from these threats, you can visit the dedicated website Securelist.com.
