Daily Archives: February 10, 2016

Skimmers Hijack ATM Network Cables

Two network cable card skimming devices, as found attached to the ATM.

If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.

In an alert sent to customers Feb. 8, NCR said it received reliable reports of NCR and Diebold ATMs being attacked through the use of external skimming devices that hijack the cash machine’s phone or Internet jack.

“These devices are plugged into the ATM network cables and intercept customer card data. Additional devices are attached to the ATM to capture the PIN,” NCR warned. “A keyboard overlay was used to attack an NCR ATM, a concealed camera was used on the Diebold ATM. PIN data is then likely transmitted wirelessly to the skimming device.”

The ATM maker believes these attacks represent a continuation of the trend where criminals are finding alternative methods to skim magnetic stripe cards. Such alternative methods avoid placing the skimmer on the ATM card entry bezel, which is where most anti-skimming technology is located.

NCR said cash machine operators must consider all points where card data may be accessible — in addition to the traditional point of vulnerability at the card entry bezel — and that having ATM network communications cables and connections exposed in publicly accessible locations only invites trouble.

A closer look at the two network cable card skimming devices that were attached to the stand-alone ATM pictured at the top of this story.

If something doesn’t look right about an ATM, don’t use it and move on to the next one. It’s not worth the hassle and risk associated with having your checking account emptied of cash. Also, it’s best to favor ATMs that are installed inside of a building or wall as opposed to free-standing machines, which may be more vulnerable to tampering.

New Report Says Connected Automobiles are Ripe for Cyber-Attack

Imagine you’re tooling down the freeway in your fancy new car when suddenly it’s commandeered by hackers, who demand ransom or they will steer you into oncoming traffic. If you try to pull over, you can’t; the steering wheel is no longer under your control. You slam on the brakes, but get no response. This may sound like a script for some futuristic doomsday movie, but it’s more real than anyone would like to imagine. This scenario was actually played out by researchers Charlie Miller and Chris Valasek, who in 2014 hacked a vehicle and took over its operation.

Now an even more ominous threat reveals itself in a new 60-page automotive report, Cyber Security in the Connected Vehicle. The report is covered in a recent Network World article that says the detailed study of car cybersecurity delves into all aspects of IoT (Internet of Things) vehicle vulnerability, including types of exploits, various attack surfaces, hacker heat maps and more. According to the article, experts predict that by 2020, 75% of all cars shipped globally will be “connected cars”, meaning they will be vulnerable to a cyber-attack.

Perhaps the most revealing part of this report is that the threat goes beyond taking over some operations in your car; what hackers are really after is your data. Believe it or not, your personal data may be accessed by hacking into your automobile, and one of the main attack surfaces will be your Bluetooth. As the report says, “Services that involve financial transactions will be a prime target, and here the supporting infrastructure is at least as much an attack point as the in-vehicle parts.” Bluetooth is one of the infrastructures they’re talking about, and according to researcher Keigo Haataja, attackers can use powerful directional antennas that increase a cyber criminal’s ability to scan and eavesdrop on Bluetooth conversations.

Miller and Valasek have also named Bluetooth as one of the biggest and most viable attack surfaces in today’s automobiles, citing the complexity of the protocol it uses. This is not news: as early as 2002, SANS was warning of inherent security issues with Bluetooth. Now that this technology is integrated with your car, your phone, your tablet and countless other devices – even hearing aids – the opportunities for hackers seem endless.

The IoT and the trend toward connecting all of us with our devices and each other do not look to be waning. And with connectedness comes the inevitable upsurge in data movement, increasing the potential for a data breach. The conveniences these developments bring sometimes make us forget their vulnerabilities. That’s why choosing security that provides visibility across all Web traffic and continuous monitoring is critical. Monitoring data movement, and being able to analyze and interrupt suspicious transfers, are critical capabilities that should be part of every organization’s security strategy.