We have warned several times of risks for ATM running outdated Windows XP operating system. These systems could be easily hacked as recently discovered by an employee of the Russian blogging platform Habrahabr who reported that the ATMs operated by the Sberbank bank running Windows XP are affected by easily exploitable security vulnerabilities.
The user discovered that a full-screen lock that prevents access to various components of an ATM operating system could be bypassed by pressing five times special keys like SHIFT, CTRL, ALT, and WINDOWS.
By pressing the SHIFT key five times it is possible to access the Windows settings and displaying the taskbar and Start menu of the operating system, with this trick users can have access to Windows XP by using the touchscreen.
“Well, I, standing at the terminal of the Savings Bank with a full-sized keyboard and waiting for the operator to answer the phone, decided to press this Shift from boredom, naively believing that without functional keys this would lead to nothing. No matter how it is! Five times quick pressing of this key gave me that very little window, besides revealing the task panel with all the bank software.” wrote the user.
“Stopping the work of the batch file (see the taskbar on the video below), and then all the banking software, you can break the terminal.”
This vulnerability allows hackers to modify ATM boot scripts and install malicious code on the machine.
The users tried to report the issue to the Sberbank contact center, but unfortunately, the operator was not able to help the man and suggested him to contact the support service using the phone number written on the terminal itself.
According to the German website WinFuture, Sberbank had been informed of the security flaw in its ATM almost two weeks ago. The bank confirmed to have immediately fixed the security issue, but the user who discovered the flaw claimed that the issue is still present on the terminal he visited.
“In tech support, a friendly girl after I said that I want to report a vulnerability, immediately switched me to some other specialist. He first asked how to contact me and the terminal number, then on the nature of the problem, then I listened to music for a long time, and, after all, the guy said that the problem is fixed. ” continues the user.
“All this happened on the sixth of December. Two weeks later I decided to check that there is a terminal. Still, after all, they said that they “fixed” the problem, probably they should have already eliminated it, but no – it’s still there, the window still pops up.”
Security experts urge financial institutions to update the latest version of Windows for their ATMs.
(Security Affairs – ATMs, hacking)