Are ATMs in danger?

   Network Box, the UK-based security firm, claims that the hardware and software used by ATMs are vulnerable to internet-based attacks just like regular computers. The company claims that 70% of all ATMs in use utilize PC/Intel hardware and Microsoft operating systems and are usually connected to banks with the help of IP networks.

    "Banks are not properly securing ATMs which are connected to IP networks," Network Box says. "This, coupled with the lack of encryption of sensitive financial information, seriously affects the trustworthiness of IP-ATM technology."  In other words, hackers can get an access to your personal information such as card numbers and expiry dates transmitted over IP-based ATM networks are not encrypted. ATM cards pins are encrypted though. "All data that is transmitted by ATMs to a processor should be encrypted, not just PINs" says Network Box. The company also suggests that all ATM operators are to install remote hardware-based firewalls as ATM software firewalls are easy to hack.  

    Network Box says that these attacks can include worms, hacking and denial of service. The company gives examples of such internet-based worm attacks: "the Nachi worm infected ATMs operated by two banks in August 2003, and the Slammer worm shut down 13,000 Bank of America ATMs in January 2003".

                                                       Rami, reporter of Ecommerce Journal