In response to the recent man-in-the-middle ATM attacks reported in California, the Wireless ATM Store, working with ATM manufacture Genmega, has engineered new security features to help protect vulnerable TCP/IP wireless connections. The new security features are included in Genmega’s new software, available today.
“Our first priority is always our customers,” says Rick Tibberino, CEO of the Wireless Store. “We are very happy to have been able to provide an alternative solution to prevent this type of attacks so quickly.”
The California attacks targeted unencrypted ATM communications rather than the ATM terminal. According to numerous reports, hackers used some type of host-simulating device to send altered transaction reply messages that effectively turned transaction denials into approvals – tricking the ATM into dispensing cash. The perpetrators were able to perform these fraudulent transactions by inserting a hacked wireless device in the top cabinet of the ATM to alter the transaction reply as it returned from the host.
When ATM operators use a wireless box for a faster connection, they may bypass the ATM’s built-in SSL encryption, leaving the terminal vulnerable. “To combat these hacks, we worked with the Wireless ATM Store to update our software with new security features to sync the wireless device to the ATM, preventing criminals from switching boxes to perform unauthorized transactions,” says Senior Vice President of Sales of Genmega Wes Dunn. “Although this is not a permanent solution, it is a roadblock and, obviously, that’s a good thing.”
“The new software features will require the master password to install, replace or alter the wireless communication device,” Tibberino says. “We’ve successfully tested the solution and are proud to announce the updated software will fortify all ATM wireless devices running on IP only terminals, not just those sold by the Wireless ATM Store.”
“Moving forward we expect to work with the other ATM manufacturers to ensure all ATMs are protected from this type of attack,” Tibberino adds.