Attackers can steal customer data within 15 minutes after entering the service area of any ATM. About this list of Kommersant, citing the study of Positive Technologies.
It has been reported that 85 percent of ATMs are vulnerable to attacks aimed at stealing money. At the same time, criminals can not only use readers (skimmers), but also to intercept information during data transfer between the ATM and the processing center or between the ATM and card readers operating system.
In addition, the company has discovered that most ATMs are running on obsolete software, and many banks prefer not to buy upgrades.
However, Positive Technologies is convinced, claiming that the identified vulnerabilities of ATMs do not always mean the possibility of a real attack. In particular, theft of money with the aid of skyscrapers is almost a thing of the past with magnetic cards – now all banks in Russia are working on chips.
At the same time, brutal force remains the most popular tool for hacking ATMs. "The magical experienced attacker breaks the ATM machine in 3 minutes, two big men take away the safe and go away," Kommersant told the bank.
In September 2017, experts from the Center for Monitoring and Response to Computing Attacks in the Credit and Finance Sphere (FinCERT) of the Central Bank have told what information on bank cards is interested in criminals. Attackers try to steal information about the payment application type, card expiration date, cardholder name, PAN (main account number, main card number), transaction history, and the number of remaining PIN code attempts.