When you think of hackers hacking ATMs, you probably envision them holding tools that plug into the ATM, or perhaps creating ATM card skimmers that let them steal account information and passwords. Well, in a surprising hack discovered by security vendor Symantec, it seems that hackers have found a way to make a certain type of ATM spew out cash via text message.
The ATM brand in question remains a mystery, which we guess is a good thing, since revealing it would probably create a lot of panic, not to mention the backlash that banks using that brand would get. Then again, the public does have the right to know, doesn’t it?
Anyway, that is a debate for another time. In the meantime, Symantec has reported that it has managed to get its hands on one of the ATMs in order to find out how the Ploutus software works.
According to the reports, early builds of Ploutus had to be controlled via an attached keyboard or the numerical pad on the ATM. With the latest build, however, it seems that it can be controlled via text message. To make this work, the hackers need to open up the ATM themselves, attach a mobile phone inside which acts as a controller, and infect the machine with the software.
“When the phone detects a new message under the required format, the mobile device will convert the message into a network packet and will forward it to the ATM through the USB cable,” according to Daniel Regalado, a Symantec malware analyst.
This is apparently more efficient than older builds of Ploutus, which require someone to stand in front of the ATM in order to hack it. With this method, the attacker can trigger the ATM remotely and then come and pick up the cash or send someone else in to do it for them, thus reducing the risk of detection.
We’re not sure if this is because the ATMs are still running on Windows XP, but chances are that they might be. According to previously released statistics, 95% of ATMs are still running on Windows XP, which Microsoft will stop supporting in April, and that could leave them more vulnerable to attacks.