Faulty Drivers Fuel ATM Hacking Problem, Say Researchers

Faulty Windows drivers are to blame for many attacks against ATM and point-of-sale (POS) devices, according to research from Portland, Oregon–based hardware security research company Eclypsium. In a report released this week, it built on previous research highlighting how attackers can exploit poorly designed third-party drivers to gain control over the kernel of Microsoft's operating system and the underlying device firmware. It went on to explain how people can exploit these vulnerabilities to target highly regulated devices.

The researchers found a vulnerable Windows driver exposing a Diebold Nixdorf ATM to attack after acquiring the computer used in the ATM, which controls critical components, including the cash cassettes. The hardware driver provided arbitrary access to I/O ports on the system, enabling it to access devices connected via the PCI interface. The system also used the driver to update the device's BIOS firmware, which could enable it to install a boot kit, they warned. The ATM vendor has already worked with Eclypsium to fix the problem, the report said.

This is not an isolated problem, the researchers warned. "These capabilities in a vulnerable driver could have a devastating impact on ATM or POS devices. Given that many of the drivers in these devices have not been closely analyzed, they are likely to contain undiscovered vulnerabilities," the report said.

Eclypsium drilled down into the specific driver problems that create problems for the Windows kernel in previous research. It named several vendors that had released vulnerable drivers for their devices.

For a long time, there was no way for Windows to mitigate these pr ..

Support the originator by clicking the read the rest link below.