News

Checker ATM Security users urged to install GMV-issued patch

May 4, 2017

Security research firm Positive Technologies has discovered a serious vulnerability in GMV Checker ATM Security, according to a press release.

The defect allows a hacker to remotely run code on a targeted ATM to increase the attacker's privileges in the system, infect it and steal money.

Positive Technologies researcher Georgy Zaytsev explained how an attack could be carried out:

To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection.

During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution. This can give an attacker full control over the ATM and allow a variety of manipulations, including unauthorized money withdrawal.

Zaytsev was able to develop test exploits that disabled Checker ATM Security, and allowed arbitrary code to then run on the ATM.

Checker ATM Security protects ATMs by enforcing a wide range of restrictions in software: whitelisting with application control to block unauthorized applications; restricting attempts to connect peripheral devices such as a keyboard or mouse; limiting network connections with a firewall; and more.

The developer has confirmed the issue in Checker ATM Security versions 4.x and 5.x and has already provided a patch for the affected versions to all its customers worldwide, who are advised to install it immediately, the release said.