Red Balloon Security Inc. found two vulnerabilities in ATMs manufactured by the U.S. largest ATM provider Nautilus Hyosung America Inc. Due to these vulnerabilities, hackers can gain complete control over more than the estimated 80,000 retailers ATM to access cash and data.
As per the report of Bloomberg, it can be noted out that the security firm also found the master key to access vulnerable ATMs on E-commerce giant Amazon for sale. ATMs can be hacked remotely as the vulnerability is severe.
The first vulnerability uses the concept of “Remote management system”, an attacker can read out all the card data that swipe via that particular ATM while the second one allows an attacker to inject malicious and trojan commands to the ATM by getting control over its PIN Keypad, Cash Dispenser, and Card Reader.
Nautilus Hyosung America has already issued firmware security updates to mitigate possible threats and we notified all of its commercial customers to immediately update their ATMs with these patches
Nautilus Hyosung America
Not only ATMs but the firm has also found flaws in the mobile app Nautilus that is used by technicians and ATM owners. Attackers can gain user accounts, ATMs — location, cash balances, software version, and service requests. Well, no calamities are been detected regarding any ATM breach. The company further suggested that the patch has been done and Red Balloon is working with the firm for more security updates.
