In response to recent man-in-the-middle ATM attacks reported in California, we at the Wireless ATM Store, working with ATM manufacturer Genmega, have introduced new security features engineered to protect vulnerable TCP/IP wireless connections.
The features are included in updated Genmega ATM software, which is now available. The Wireless ATM store expects to work with other manufacturers to incorporate the solution as well.
“Our first priority has always been our customers,” says Wireless ATM Store CEO Rick Tibberino. “We are very happy to have been able to provide an alternative solution to prevent this type of attack so quickly.”
The California attacks targeted unencrypted ATM communications rather than the ATM terminal itself, according to the release. A hacked wireless device inserted into the top cabinet of the ATM was used to alter transaction replies returned from the host, effectively turning transaction denials into approvals, and “tricking” the ATM into dispensing cash.
This type of attack is made possible when an ATM operator using a wireless box bypasses the machine’s built-in SSL encryption, the release said.
“To combat these hacks, we worked with the Wireless ATM Store to update our software with new security features to sync the wireless device to the ATM, preventing criminals from switching boxes to perform unauthorized transactions,” says Wes Dunn, Genmega senior vice president of sales. “Although this is not a permanent solution, it is a roadblock, and obviously, that’s a good thing.”
The updated software requires the use of a master password in order to install, replace or alter the wireless communication device. According to the release, the fix helps to protect any ATM wireless device running on an IP-only terminal, not just those devices sold by the Wireless ATM Store.
For more information please call (877) 977-8020