As it all seems to be extremely easy to do hacking in one ATM these days, researchers too security of Symantec they say that Windows XP of Microsoft, (the operating machine running) makes the problem worse.
We do not know whether Microsoft makes a special agreement with the Banks to further support its operations, or whether the Banks change all their systems. One thing is for sure. Something must be done because everyone's deposits are at risk (so we do not misunderstand, we favor those who have it).
This week, her security researchers Symantec have posted on their blog a new technique that exploded in Mexico using text messages (SMS) to give access to a hacker. It's not as simple as it sounds.
Relevant Articles
- Ploutus returns more powerful and translated to empty ATMs
- Symantec warns of the first malware attacking ATM software
The method from the beginning?
The first step in this method involves installing a known malware called Ploutus in an automatic take-off machine (we have mentioned Ploutus for some time now). This requires the hacker to break the machine and use a CD - ROM or USB stick to infect the operating system.
In the past, the attack was carried out using an external keyboard. With the sophisticated method, the hacker simply connects a smartphone to the machine and via USB and sends a text message to the phone. The phone converts text into a network packet that checks the automatic take-off machine and forces it to take out all of its cash.
It is a very clever method. The mobile phone allows hackers to carry out multiple attacks without having to jailbreak the machine each time. Instead, all you need is a super market trolley to transport them money as shown by picture of Symantec.
As the security company on her blog, what makes it easy for hackers is the fact that 95% of machines run on Windows XP which Microsoft is about to withdraw. And this will make it even easier for hackers to develop malware and other techniques to take advantage of automatic download machines
More information on Symantec's blog attack and video
