funsec mailing list archives
Re: Windows-based cash machines 'easily hacked'
From: Chris Buechler <funsec () chrisbuechler com>
Date: Mon, 17 Mar 2008 20:32:03 -0400
Larry Seltzer wrote:
"Windows-based cash machines 'easily hacked'" This article basically makes two charges: ATMs aren't encrypting enough data and the boxes they are stored in can be broken into. The former is obviously an application error and the latter is obiously a hardware issue. What was the point of putting "Windows" in the title? Yes, they do make a quick vague accusation about Windows ATMs being less reliable than OS/2 ATMs. Right.
They're absolutely right, they just seem to have cut some important facts out of the article. These Windows-based ATMs are a security nightmare. It's not Microsoft's fault, it's the incompetent vendors who put them out, like NCR. Here's a nmap of a common NCR Windows XP-based ATM just like you'll find at many bank branches around the world (and happens to be where this one is): Not shown: 1692 closed ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 1025/tcp open NFS-or-IIS 1026/tcp open LSA-or-nterm 2000/tcp open callbook Compared to a common, old plain green screen NCR OS/2 ATM: Not shown: 1696 closed ports PORT STATE SERVICE 2000/tcp open callbook Note the only port they actually require is TCP 2000. Why is the Windows ATM listening for RPC, NetBIOS, and more?! That aggravates me to no end every time I see it (I've scanned a ton of these things, they're all the same). Plus it's an unpatched machine that never updates itself. The *least* NCR could have done is firewall off everything but the one port required for the ATM to work. Then barring any issues in their software, it would be immune to Windows issues. These things have gaping holes from a long list of missing critical patches, if you have network access to a Windows ATM it's child's play to execute anything you want on one. I haven't dug into it far enough to see how far you can really go, but the OS is very easily exploitable. At that point it's probably easy to make it spit out money. Granted you need access to internal networks to do this, but still. These machines cost $20K+ USD a pop, yet apparently the people developing them are utterly inept. The reliability claim is true as well - I'd be willing to bet you've never seen a crashed OS/2 ATM. I haven't. But I've seen more crashed Windows-based ATMs than I can recall, with error messages on the screen, or actually displaying the Windows desktop on the screen, etc. You can't license OS/2 ATMs anymore, so banks are stuck with these disaster-waiting-to-happen Windows ATMs. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Windows-based cash machines 'easily hacked' Juha-Matti Laurio (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Larry Seltzer (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Andy Sutton (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Nick FitzGerald (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Chris Buechler (Mar 17)
- Re: Windows-based cash machines 'easily hacked' der Mouse (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Valdis . Kletnieks (Mar 17)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Kitsune (Mar 18)
- Re: Windows-based cash machines 'easily hacked' der Mouse (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Rich Kulawiec (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Dennis Henderson (Mar 18)
- Re: Windows-based cash machines 'easily hacked' Larry Seltzer (Mar 17)