Featured Article

ATM Default Settings Can Lead To Security Issues

9/2/2010

At any point during the day we are surrounded by keyboards, keypads and monitors. They are on street corners, in airports, shopping centers and other public areas. Imagine if these ATM devices were personal computers. Would you want to allow such easy access to your keyboard and monitor? Generally, ATMs are PCs placed out for public use. At the heart of each ATM is an operating system and a computer, and the majority of operating systems running ATMs are the same ones that run your PC.

ATM security is often an afterthought, but it should not be assumed. If the financial institution does not change the factory default settings or security codes, its ATMs may be at risk. Once an ATM's security has been breached, critical client data is exposed, which can open the floodgates for things such as identity theft.

How does a hacker access the PC running the ATM application? In the past, ATM manufacturers would publish the default and factory security codes on their websites. After a few years they noticed that this information was being accessed not only by financial institutions but also by the bad guys. These manufacturers quickly removed this information from their websites, but the security codes did not change.

To access older information on the web, there are a number of internet archiving websites that harvest historical information in a digital format. The Internet Archive or Wayback Machine™ is an example of this technology. You simply put in the website you wish to research and you are presented with a company's website history from 1999 to the present day. There is nothing that would prevent a hacker from trying these factory security codes at the ATMs that financial institutions have deployed throughout the community. In addition, YouTube™ is filled with ATM hacking techniques.

After reading this, you may feel like we are providing trade secret information to the bad guys, but this information has been readily available for a decade. What can you do now? During your next IT exam, insist that ATMs are included in the scope of the vulnerability assessment.