Security
Man in the middle: Dealing with a big ATM threat
Man in the middle attacks are increasing in intensity against ATMs. Here's what they are and how to prevent them.
May 13, 2025 by Bradley Cooper — Editor, ATM Marketplace & Food Truck Operator
ATMs are no stranger to malicious actors. With the average ATM holding tens of thousands of dollars at any one time, it's no wonder that criminals will try anything to get their hands on its cassettes.
There have been a number of tactics used ranging from tearing the machine out with a hook and chain, bending the metal back with jaws of life or even using explosives. However, these attacks are messy, risky and draw a lot of attention to the thieves. As a result, thieves also experiment with less noticeable veins of attack: such as a Man in the Middle.
Imperva defines such a method as, "a general term for when a perpetrator positions himself in a conversation between a user and an application — either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway."
In the case of an ATM, the thief is able to trick the machine into thinking it is performing a legitimate withdrawal. There are a variety of methods that criminals use in this, ranging form inserting a device into the ATM itself to hacking into a banking system and more.
When it comes to the tools criminals use, Sepiocyber identifies a few common one, such as accessing the black box and inserting a Raspberry Pi Zero W between the PC and dispenser. This is commonly known as jackpotting. However, there are simpler ways as well such as using a WiFI Pineapple, LAN Turtle or other devices to plug into the machine and send fraudulent commands to the ATM via the network.
To learn more about these attacks and how ATM operators can address them, ATM Marketplace spoke with Michael Strange, director of technology services at Cook Solutions Group.
Q. Can you describe a bit about what Man in the Middle attacks are for those unfamiliar with them?
Strange:A Man-in the Middle (MITM) occurs by placing a device between the ATM and the Host. There are two methods for MITM attacks. The attacker can gain access via malware or via a "block box." Once the bad actors are between the ATM and the Host they can intercept approval requests sent to the host, prevent them from reaching the host, and provide a counterfeit approval message, allowing the fraudulent transaction to dispense cash. Then a cash harvest is performed, draining the ATM.
Q. What makes ATMs vulnerable to these attacks?
Strange: Having unencrypted communications between the ATM PC core and the ATM Host. Not protecting the ethernet cable running from the ATM to your network infrastructure. Not enabling basic network security, i.e. MAC address binding and port security.
Q. Why have we seen an increase in these kinds of attacks?
Strange: Criminal organizations and gangs have identified vulnerabilities including weak security protocols and a general lack of awareness around ATMs. As ATMs become more connected and criminal organizations start using more sophisticated tools and techniques, these sorts of attacks will increase.
Q. What factors make one most vulnerable to these attacks?
Strange: The main vulnerability is not using TLS 1.2 for ATM Host communications.
Q. Can you offer three strategies to mitigate or prevent these attacks?
Strange: A layered security approach is the best way to defend against MITM and any ATM attacks. Enable TLS 1.2 with your host, have security software like CSG's Security+ to protect against malware, and protect the physical environment by alarming the top hat, adding surveillance cameras, installing security gates, and using advanced protection like CSG's Suspicious Activity Notification.
About Bradley Cooper
Included In This Story
Cook Solutions Group
Simple | Secure | Service | Solutions. From ATM sales, support, and service to enterprise security solutions with Next Generation technology. Think CSG First. We Make it Happen!
Related Media
SecurityPresented ByDiebold Nixdorf
Subscribe
Get the latest news and resources from ATM Marketplace.
