Continued use of obsolete systems led to recent ATM hacks

  • Nation
  • Friday, 24 Oct 2014

KUALA LUMPUR: The spate of Automated Teller Machines (ATM) hacks last month were due to financial institutions' continued use of obsolete operating systems and lack of "penetration testing", opined an IT security consultant.

Jacco Van Tuijl, who conducts penetration testing (sanctioned hacking into systems to determine their vulnerability to attacks) for banks in the Netherlands, pointed out that many ATMs still use the now-obsolete, 13-year-old Windows XP operating system.

This leaves systems and ATMs vulnerable to hacking attacks as Microsoft has since stopped providing support and security updates to the operating system.

Van Tuijl said banks and financial institutions should update their operating software to a current, supported version to avoid being victims of hackers.

"It would be tough to protect against any kind of malware. Every day, new vulnerabilities are published," he told The Star Online at the Hack in The Box security conference recently.

"You can't have a machine and leave it without doing proper patching," he said, pointing out that Microsoft, for example, released security patches for its products every Tuesday.

Another IT security consultant, Dr Stefano Zanero, said that the recent ATM hacking cases showed the importance of physical security of the ATMs, as the incidents showed the how easily the machines were tampered with.

He said this sort of defect would have been detected if the banks had hired penetration testers to test out their systems.

"The ATM is basically a computer. We have conducted penetration tests and were able to access USB ports inside of ATMs by cutting through the metal.

"While network security is important, so is physical security," said Dr Zanero.

Last month, a gang exploited flaws in the authentication process to hack into at least 14 ATMs in Selangor, Johor and Malacca, and got away with almost RM3mil.

Police said the suspects hacked the machines by inserting a disc into the ATMs' CD-ROMs that would then infect the machines with a virus or malware.

The ATMs are believed to have been using the Windows XP system.

Van Tuijl said the gang would have had physical access to an ATM to test their malware.

"Software and malware development is about trial and error. It would have taken a lot of testing," he said.

He added that the gang would have been well-organised, comprising people with various skill sets.

Dr Zanero said that the attacks against ATMs was not specific to Malaysia and occurred in other parts of the world as well.

He said that similar cases were recorded in Russia and Middle East recently.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

ATM hack , Banking , Security , Operating systems


Next In Nation

Cop found dead with gunshot wound in Muar
Bukit Aman, Australian police to work together over drug case after arrest of M’sian, seizure of 450kg heroin
Illicit flow of funds not linked to Pandora Papers, says Najib
Covid-19 Watch: 6,145 new cases bring total to 2,390,687
R&R stops in Johor return to life and hotel occupancy soars after travel restrictions lifted
Students glad to be back in school after months of home learning
Over RM2.5mil worth of luxury car parts and booze seized in Johor
KL police advise Pekan Kepong PPR residents to be cautious, share crime trends
Pangkor hotels record 78% in occupancy rate, more tourists arrivals expected in Perak, says exco member
KJ jokingly says he uses ‘vaccine genies’ to protect Malaysia

Others Also Read