A flaw in cash machines that allows criminals to quickly steal wads of cash has been discovered, according to a report by Reuters.
Interpol has alerted countries in Europe, Latin America and Asia known to have been targeted – and is carrying out a widespread investigation.
Security firm Kaspersky Labs discovered the hack, which is enabled by entering a series of digits on the keypad.
Infected cash machines can be instructed to dispense 40 notes at once, without a credit or debit card.
Kaspersky Labs produced a video showing how the hack was carried out. More details were provided in a blog post.
Prior to trying to obtain the cash, targeted machines are infected with malicious software via a boot CD.
To do this, criminals need physical access to the workings of the machine.
Once the malware – known as Tyupkin – has been installed, the “mule” sent to collect the cash must enter a code on the machine’s key pad.
But Tyupkin then requires a second unique code – randomly generated by an algorithm at a remote location – to unlock the machine and dispense the cash.
It is this part of the process that ensures the criminal who has this algorithm retains control over when and how often these illegal withdrawals occur.
No comments:
Post a Comment