How to prevent ATMs from being hacked with Cutlet Maker

Kaspersky Lab recommends configuring a default-deny policy for launching unauthorized programs, restricting the connection of unauthorized devices, and installing a protection solution.

Vulnerabilities in Kaspersky Lab products

Kaspersky Lab produces, among other things, security software for ATMs, and vulnerabilities are periodically found in it that also allow criminals to extract cash from the device. In particular, in July 2017, Georgy Zaitsev, an employee of Positive Technologies, discovered a vulnerability in Kaspersky Embedded Systems Security, a product designed to protect embedded systems. The bug was found in product versions 1.1 and 1.2 and resides in the Application Control component.

By exploiting the vulnerability, a criminal can overload the protection so that it stops processing file-launch verification requests in a timely manner. This gives the attacker the opportunity to run extraneous applications on the ATM system, including executable files, from removable media or over the network. The criminal can thus escalate privileges, infect the system, or withdraw all the money from the ATM.

The vulnerability in Application Control opens up two attack paths at once. First, a large amount of arbitrary data can be appended to the end of the executable file, after which it is launched twice, causing the necessary "hang". Second, the attacker can take advantage of the delay in calculating the hash of a large file and launch several copies of the application simultaneously, which also causes the "hang".
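Both paths work only if a launch check that cannot finish in time ends up allowing the file. The following added example (not from the original article and not Kaspersky's code) models a default-deny launch check that fails closed in each of those situations; the function names, the size limit, the time budget and the slot count are assumptions chosen for illustration.

```python
import hashlib, os, tempfile, threading, time

CHUNK = 64 * 1024
SLOTS = threading.BoundedSemaphore(4)  # assumed cap on concurrent verifications

def verify_launch(path, allowlist, budget_s=2.0, max_bytes=1 << 20, clock=time.monotonic):
    """Return (allowed, reason); any check that cannot finish is a deny."""
    if not SLOTS.acquire(blocking=False):
        return False, "deny: verifier busy"
    try:
        if os.path.getsize(path) > max_bytes:
            return False, "deny: file exceeds size limit"
        deadline = clock() + budget_s
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            while chunk := f.read(CHUNK):
                if clock() > deadline:
                    return False, "deny: verification timed out"
                digest.update(chunk)
    except OSError:
        return False, "deny: file unreadable"
    finally:
        SLOTS.release()
    if digest.hexdigest() in allowlist:
        return True, "allow: hash on allowlist"
    return False, "deny: hash not on allowlist"

def demo():
    """Decisions for constructed sample files (not real executables)."""
    body = b"MZ constructed sample bytes"
    allow = {hashlib.sha256(body).hexdigest()}
    samples = {"approved": body, "padded": body + b"\0" * 4096,
               "oversize": body + b"\0" * (2 << 20)}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name + ".bin")
            with open(path, "wb") as f:
                f.write(data)
            results[name] = verify_launch(path, allow)
        good = os.path.join(d, "approved.bin")
        ticks = iter([0.0, 5.0])  # fake clock: time budget already spent
        results["slow"] = verify_launch(good, allow, clock=lambda: next(ticks))
        for _ in range(4):  # occupy every verification slot
            SLOTS.acquire()
        results["busy"] = verify_launch(good, allow)
        for _ in range(4):
            SLOTS.release()
    return results
```

Calling `demo()` returns the decision for each constructed case: only the unmodified allowlisted file is allowed, while the padded, oversized, slow and busy cases are all denied.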